Is your website ready for 2017 with an SSL certificate?
Last month Google announced a major security update in Chrome (version 56). This news makes security enthusiasts like us glad, if not downright happy. Finally our beloved browser is getting a security update that tells everybody: do not use unprotected websites!
So let's start from the beginning. Most of the time you are thinking: why should XY get my information when I visit website XY? Well, for marketing reasons? For the website owner, knowledge about visitors is like a best friend: he knows how you scroll, what you click, your referrer, your PC specs, etc.
You are going to say that's not a secret, they can have that information. There is the problem! They can have that information, but not everyone else. With an insecure website (without an SSL certificate) you cannot validate that this really is the website it claims to be.
For example, a couple of days ago my best friend gave me a link (which is blocked in Chrome right now) to a website that is "copying" the Facebook.com website; it looks like Facebook, but it isn't. With a red warning bar, it obviously catches your attention that something is wrong, and you are going to leave that website immediately…
Now, what are CSP and HSTS?
Both are security technologies: Content Security Policy (CSP) protects your website, and HSTS secures your domain by making it use only HTTPS.
HTTP Strict Transport Security (HSTS) is a web server feature that protects your domain by enforcing HTTPS-only access for the complete validity period of your SSL certificate.
Example of an HSTS header directive for Apache2:
Header always set Strict-Transport-Security "max-age=15768000"
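One way to check that a response actually carries the HSTS and CSP headers discussed above, as an added example that is not code from the original post. The function names are hypothetical, and the six-month minimum is an assumption taken from the max-age value in the Apache line.

```python
import re

# Added example: minimal Strict-Transport-Security check (syntax per RFC 6797).
# Assumption: 15768000 s (the max-age from the Apache line above) is the minimum.
MIN_MAX_AGE = 15768000

def parse_hsts(value):
    """Return the parsed policy as a dict; raise ValueError if the header is invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives (e.g. a trailing ';') are allowed
        name, sep, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen[name] = arg.strip().strip('"') if sep else None
    if "max-age" not in seen:
        raise ValueError("max-age is required")
    if not re.fullmatch(r"[0-9]+", seen["max-age"] or ""):
        raise ValueError("max-age must be a non-negative integer")
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen,
            "preload": "preload" in seen}

def audit(scheme, headers):
    """Return a list of findings for one response (URL scheme + header dict)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    findings = []
    raw = hdrs.get("strict-transport-security")
    if raw is None:
        findings.append("HSTS header missing")
    elif scheme != "https":
        findings.append("HSTS sent over plain HTTP is ignored by browsers")
    else:
        try:
            policy = parse_hsts(raw)
            if policy["max_age"] == 0:
                findings.append("max-age=0 removes the HSTS policy")
            elif policy["max_age"] < MIN_MAX_AGE:
                findings.append("max-age shorter than six months")
        except ValueError as exc:
            findings.append(f"invalid HSTS header: {exc}")
    if "content-security-policy" not in hdrs:
        findings.append("CSP header missing")
    return findings
```

Feed `audit()` the scheme and headers of a response fetched from your own site; an empty list means both headers are present and the HSTS policy parses and meets the threshold.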
We are waiting for the new features in Chrome, and we highly recommend that your business, blog or web app activates an SSL certificate with CSP and HSTS enabled. You can start now, or at the latest by December 31st, 2016.