Mar 23, 2016 · Be aware that once you set the STS header or submit your domains to the HSTS preload list, it is impossible to remove it. It’s a one‑way decision to make your domains available over HTTPS. For more details about HSTS, check out the following resources: RFC 6797, HTTP Strict Transport Security (HSTS)
Aug 04, 2017 · The preload directive is set in the HSTS header on the web server; once all requirements for preload have been configured, you submit your domain to the HSTS preload list. Summary: By default, redirecting HTTP requests to HTTPS leaves the possibility for a MITM-style attack to intercept the initial request.
Until that time, the HSTS preload list is a simple, effective mechanism for locking down HTTPS for an entire domain.
HSTS as a forcing function. Strict Transport Security provides meaningful security benefits to visitors, especially visitors on hostile networks.
Get on the HSTS Preload List for Chrome. Posted By Bill Hartzer on September 27, 2017 at 7:31 pm. As you are well aware by now, I moved this site to HTTPS (a secure SSL site) back a few years ago when Google announced that HTTPS is, in fact, a search engine ranking factor.
Nov 05, 2015 · HSTS preload list. While HSTS is a good thing, there’s still the situation where the user has never visited your site before. In this case, the user could still request your site by http.
After HSTS is enabled on your site, you will need to get on the preload list maintained by Chrome (this list is also used by other browsers). Doing so will mean that even first-time visitors to your site will be forced to your secure pages.