Make Chrome Always Use HTTPS With Your Website

Do you own a website? Do you want it to be in Google Chrome's "HSTS" list, also known as the HTTPS preload list? Then read this article and learn how you can do it.

HTTP Strict Transport Security (HSTS)

As you know, HTTP is insecure. An attacker can grab the connection and manipulate it, and only highly tech-savvy users will notice that it is redirecting to some fake website. This is where HSTS becomes important.

HSTS is one of the latest features in Chrome. It allows a site to request that it always be contacted over HTTPS. Once you have activated HSTS and the browser sees it, all requests to that domain are made over HTTPS only.

If you would like to see your website included in the preloaded HSTS list, you can submit it at https://hstspreload.appspot.com.

This is the list of websites that are hard coded into Google Chrome as being HTTPS only. Firefox and Safari also have HSTS preload lists which include the Chrome list.

To add your website to the Chrome list, submit your site on the web page mentioned above, but make sure you have a valid certificate. Once the manual verification is completed, all HTTP traffic will be transferred to HTTPS, including your subdomains.

Another thing to note is the HSTS header on the base domain: the preload token and the subdomain token must be specified, and the expiry must be eighteen weeks. If you have any redirect, it must have the HSTS header.

Preload list submissions are not automatic. It will take a couple of weeks to approve your submission, but the Google Chrome dev team has put up a link where you can verify the status of the domain.

Add, Delete, Query HSTS Status

Just visit chrome://net-internals/#hsts in your address bar, enter your website in the Query domain option and click the Query button to see whether it is included in the preload list. You can also delete any domain you own later.

If you still have some doubt, let me conclude: if someone has a certificate installed on, for example, shared hosting with no HSTS configured and no way to get the provider to set it up, you can preload it in Chrome and force it to use SSL. Cool, isn't it!
