back to article Google rolls out HSTS

Google has begun its rollout of HTTP Strict Transport Security (HSTS) across its domains. The HSTS automatically forces browsers to upgrade insecure HTTP connections to encrypted HTTPS. Google tried rolling it out at the end of last year but faced technical issues that knocked the Chocolate Factory's Santa tracking service …

  1. Adam 52 Silver badge

    "Ordinarily, implementing HSTS is a relatively basic process. ... particular complexities ... mixed content, bad HREFs, redirects to HTTP, and other issues like updating legacy services"

    In other words implementing HSTS isn't at all simple and is likely to be a headache for almost everyone who has more than one page on their site.

    1. Anonymous Coward
      Anonymous Coward

      No a headache for anyone with already broken or badly designed sites.

  2. jms222

    and thanks to Google and their desire to make everything HTTPS it puts far more load on infrastructure because content can no longer be cached.

    1. Anonymous Coward
      Anonymous Coward

      I'll give up caching at intermediaries (which never worked that well anyway), in exchange for not having massive JavaScript modification attacks like 'Great Canon' blasting my site, or sketchy-as-fuck American ISPs injecting adverts.

    2. alexmuller

      That's a blanket statement which isn't true.

  3. Version 1.0 Silver badge

    Interesting

    I've noticed recently that Google directed searches for HTTP domains have been failing with a "server not found" message yet going directly to the domain works fine.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022