HSTS (Strict Transport Security)
Do you support HSTS (Strict Transport Security) in the future? Maybe it will add more security.
Roy Bowen commented
Adding the HSTS setting manually is cumbersome. It would be a great addition to configure via the server admin console.
Rhianne Jhane commented
I just thought it may be an idea to post incase anyone else was having problems researching but I am a little unsure if I am allowed to put names and addresses on here.
Justin Edelson commented
Any updates on this?
This 2016 article states that 95% of HTTPS servers are vulnerable to trivial MITM (man-in-the-middle) attacks: https://news.netcraft.com/archives/2016/03/17/95-of-https-servers-vulnerable-to-trivial-mitm-attacks.html
You can determine if your CW site implements HSTS by running this scan: https://www.ssllabs.com/ssltest/index.html
Under Protocol Details, Strict Transport Security (HSTS) should be Yes.
Are there any downsides to implementing HSTS? What are the HSTS pros and cons?
Bump. This would be extremely valuable.
This is really needed.
With Google rank at stake this is now a dealbreaker
WPEngine do it
Greenhost do it
Another vote here! UP
yeah we need it !