HSTS (Strict Transport Security)
Do you support HSTS (Strict Transport Security) in the future? Maybe it will add more security.
There is an article written by CloudWays to do it manually, but since how crucial it is for SEO, there should be a switch to turn it on in the SSL Tab of each application!
Come on guys, this is a one day job! Lets get it done please
Roy Bowen commented
Adding the HSTS setting manually is cumbersome. It would be a great addition to configure via the server admin console.
Rhianne Jhane commented
I just thought it may be an idea to post incase anyone else was having problems researching but I am a little unsure if I am allowed to put names and addresses on here.
Justin Edelson commented
Any updates on this?
This 2016 article states that 95% of HTTPS servers are vulnerable to trivial MITM (man-in-the-middle) attacks: https://news.netcraft.com/archives/2016/03/17/95-of-https-servers-vulnerable-to-trivial-mitm-attacks.html
You can determine if your CW site implements HSTS by running this scan: https://www.ssllabs.com/ssltest/index.html
Under Protocol Details, Strict Transport Security (HSTS) should be Yes.
Are there any downsides to implementing HSTS? What are the HSTS pros and cons?
Bump. This would be extremely valuable.
This is really needed.
With Google rank at stake this is now a dealbreaker
WPEngine do it
Greenhost do it
Another vote here! UP
yeah we need it !