HSTS preloading provides browsers with a preloaded list of web sites which should only be contacted using HTTPS.
- In this movie, we're going to continue our discussion…of HSTS, by talking about a great feature called preloading.…Let's review what we've talked about with HSTS so far.…And let's do it by thinking about the steps that happen…when a user tries to interact with a website,…starting with an insecure connection.…So the user goes to their browser,…and they enter http:// and the domain name.…That's not going to be a secure connection,…because they used http.…The request is going to be sent by the browser,…using HTTP on port 80, then the web server…is going to be told that it should redirect…all requests on port 80 to use HTTPS.…
We did that in the first movie of this chapter.…After that, the web browser's going to say,…"oh, okay, I misunderstood, let me resubmit the request."…This time using HTTPS on port 443.…And then we've configured our web server already…to us our SSL certificate, and to respond to that correctly.…In the last movie, we also told the web server…to send back a header with an HSTS directive as well.…
- What are SSL certificates?
- Choosing a certificate
- Installing a certificate
- Configuring a web server to require HTTPS
- Using HTTP Strict Transport Security (HSTS)
- Renewing certificates