HSTS Preload List - A Possible SEO Problem for www Sites

Let me explain the real situation in the world.

I launched the website https://www.liloo.ro and I want to enable HSTS (+ HSTS preload) for it.

The problem is that in order to send it to the preload list, the main domain must respond with the HSTS header.

Let me clarify: To send a site to the preload list and fulfill the requirements, the first redirect must be in the https version of the main domain.

In my case, I can’t redirect from http directly to https + www → I need to redirect first from http to https (for this, the main HSTS header) and redirect again to https + www.

This creates a huge SEO problem with permission resolution (not to mention that chained redirects are not perfect).

Thus, with every look at this, I either have to abandon the HSTS preload list, or use secondment redirects. None of the options look perfect.

The only possible workaround may be some of the pre-list requirements, but I don’t quite understand what this means:

If you are serving a redirect, there must be an HSTS header, not a redirected page, to redirect.

, , HSTS... , , . , ?... HSTS , www?

www -www ... , "" .

- . HTTP HSTS www web.config ... , (+ nginx)

+4
1

, , , .. http://DOMAIN https://www.DOMAIN, HTTPS, - www  .

, "" .

, www, , .

, HSTS ( , ) : HTTPS. , HSTS , , HTTP- , "307 " HTTPS . ( , hstspreload.org, HSTS.)

, , :

, HSTS, .

() hstspreload.org:

HTTPS, HSTS ( ).

:

, , HSTS...

, HTTP HSTS. , HTTP Strict-Transport-Security . , SWI-Prolog HTTP-, :

?- use_module(library(http/http_header)).  % provides http_status_reply/4
?- http_status_reply(moved('https://stackoverflow.com'), current_output,
     [strict_transport_security('max-age=63072000; includeSubdomains')], Code).

:

HTTP/1.1 301 Moved Permanently
Date: Sun, 12 Feb 2017 10:04:55 GMT
Location: https://stackoverflow.com
Strict-Transport-Security: max-age=63072000; includeSubdomains
Content-Length: 366
Content-Type: text/html; charset=UTF-8

etc.

, , TLS ( , !). , HTTP → HTTPS, , () HTTP, .

:

SEO ( , ).

, , , , (!) , , .

, : , , HSTS, , , HTTPS ( , , HSTS!). , , https://DOMAIN → https://www.DOMAIN, . , . , HSTS , preload , -.

+1
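The redirect chain discussed in the question and answer above can be checked mechanically. The following is an added example, not code from the original posts: it walks a list of responses and reports where a chain breaks the preload rules. The domain example.com and the sample responses are constructed, and the thresholds (max-age of at least one year, includeSubDomains, preload) are the hstspreload.org submission requirements rather than values stated on this page.

```python
from urllib.parse import urlsplit

MIN_MAX_AGE = 31536000  # one year: minimum max-age hstspreload.org accepts

def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: argument or True}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or True
    return directives

def check_chain(domain, hops):
    """hops: [(url, status, headers)] in the order a client follows them.
    Returns a list of problems; an empty list means the chain qualifies."""
    problems, saw_apex_https = [], False
    for i, (url, status, headers) in enumerate(hops):
        here = urlsplit(url)
        headers = {k.lower(): v for k, v in headers.items()}
        if i == 0 and here.scheme == "http":
            target = urlsplit(headers.get("location", ""))
            if not (300 <= status < 400 and target.scheme == "https"
                    and target.hostname == here.hostname):
                problems.append("first redirect must go to https:// on the same host")
        if here.scheme == "https" and here.hostname == domain:
            saw_apex_https = True  # redirect responses count: they need the header too
            hsts = parse_hsts(headers.get("strict-transport-security", ""))
            age = str(hsts.get("max-age", ""))
            if not age.isdigit() or int(age) < MIN_MAX_AGE:
                problems.append(f"{url} ({status}): max-age missing or below one year")
            for needed in ("includesubdomains", "preload"):
                if needed not in hsts:
                    problems.append(f"{url} ({status}): {needed} directive missing")
    if not saw_apex_https:
        problems.append(f"https://{domain} never answered, so it sent no HSTS header")
    return problems

HSTS = "max-age=63072000; includeSubDomains; preload"
# Constructed responses for a placeholder domain, not captured traffic.
DIRECT = [("http://example.com/", 301, {"Location": "https://www.example.com/"}),
          ("https://www.example.com/", 200, {"Strict-Transport-Security": HSTS})]
CHAINED = [("http://example.com/", 301, {"Location": "https://example.com/"}),
           ("https://example.com/", 301, {"Location": "https://www.example.com/",
                                          "Strict-Transport-Security": HSTS}),
           ("https://www.example.com/", 200, {"Strict-Transport-Security": HSTS})]
```

`check_chain("example.com", DIRECT)` reports two problems because the bare domain never serves an HTTPS response, while `check_chain("example.com", CHAINED)` returns an empty list.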

Source: https://habr.com/ru/post/1668861/

