
HSTS preloading: the gold standard of website security

Christina Yeh, Google Registry

[Image: icons representing various secure top-level domains (TLDs) such as .app, .dev, .page, and others, illustrating the importance of HTTPS and HSTS preloading in protecting websites and users from online threats.]

October is Cyber Security Awareness Month, and this year’s theme, “Stay Safe Online,” is all about the simple ways to protect yourself and your business from online threats. To make it easy for you to achieve the gold standard of website security, consider registering a top-level domain from Google Registry.

Most website owners know that installing an SSL certificate is an important step in keeping their users safe. It’s a must-do if your website collects personal information, such as credit card information or logins with passwords.

On the flip side, savvy internet users know they should never enter their personal information on a website that isn’t being served over a secure connection.

What many website owners don’t know is that bad actors, who may try to misdirect traffic, spy through open Wi-Fi networks, inject malware or tracking, or alter site content, can use even a single page that isn't encrypted to gain access to the rest of your website.

To ensure that your entire website is always encrypted, you can add it to the HSTS preload list.

The HSTS preload list is a list of websites that browsers know to only ever load over a secure, encrypted connection. This is considered to be the gold standard of website security and the only way to ensure that your website cannot be forced onto an unencrypted connection. There are two ways to achieve this kind of security:

  1. Add your domain to the HSTS preload list and wait for an unknown period while the change propagates to browsers.
  2. Use an HSTS preloaded top-level domain, such as .app, .dev, .page, .rsvp, and .day, and receive the highest standard of website encryption from day one. There are no extra steps beyond installing an SSL certificate, and no need to wait for browsers to update.

Once you’re ready to set up your SSL certificate, be sure to check out our ultimate guide. For a video explanation of encryption and HSTS preloading, check out this video. Here’s to keeping you and your users safe!