When putting a web server onto the big wide internet, we always prefer to have that web server handling its content over HTTPS if any interaction is required by the user. This also includes our very own server, which hosts our website. To ensure our website data could not be altered or monitored on its way to your browser, we have implemented HSTS (HTTP Strict Transport Security).
HSTS takes effect when a connection is made to the HTTPS server, which then tells the browser:
Hey you! We only do HTTPS around here! Remember that for 63072000 seconds (2 years)
This means that when your browser connects to https://www.n-coders.co.uk again, it will only ever use HTTPS until the expiry time is up.
The positive effects of using HSTS:
- Prevents HTTPS removal attacks
- Ensures communication is HTTPS or not at all
- Can include all subdomains if a wildcard TLS certificate is available
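The message above reaches the browser as a `Strict-Transport-Security` response header. The Python below is an added example, not code from this site: it parses a header value and reports when a browser would ignore the policy or when it is weaker than the two-year value quoted above. The function names and sample values are constructed for illustration.

```python
# Added example: parse and audit a Strict-Transport-Security header value.
# Function names are hypothetical; only the 63072000 figure comes from the page.
TWO_YEARS = 63072000  # the max-age quoted on this page


def parse_hsts(value):
    """Return {'max_age': int, 'include_subdomains': bool}, or None if the
    header is malformed and a browser would ignore it."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives (e.g. a trailing ';') are allowed
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            return None  # a repeated directive invalidates the header
        seen[name] = arg.strip().strip('"')  # value may be a quoted string
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None  # max-age is required and must be a non-negative integer
    return {
        "max_age": int(age),
        "include_subdomains": "includesubdomains" in seen,
    }


def audit_hsts(scheme, value, minimum=TWO_YEARS):
    """Return a list of findings for one response; an empty list means OK."""
    if scheme != "https":
        return ["sent over HTTP: browsers ignore HSTS on insecure responses"]
    if value is None:
        return ["header missing on HTTPS response"]
    policy = parse_hsts(value)
    if policy is None:
        return ["header malformed: browser will not store a policy"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells the browser to forget the policy")
    elif policy["max_age"] < minimum:
        findings.append(f"max-age {policy['max_age']} is below {minimum}")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains not set: subdomains are not covered")
    return findings
```

Run `audit_hsts` against the scheme and header value captured from each of your own endpoints; any non-empty result is a policy gap to fix in the server configuration.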