Last year we rolled out one-click HTTPS hosting for our hosting accounts using free Let’s Encrypt certificates. We’ve been making some further improvements to our control panel so that once you have enabled and tested HTTPS hosting, it’s also easy to redirect all HTTP traffic to your HTTPS site.
We’ve also added an option to enable HTTP Strict Transport Security (HSTS). This allows you to use HTTPS on your website and commit that you’re not going to stop using it any time soon (we use 14 days by default). Once a user has visited your site their browser will cache the redirect from HTTP to HTTPS and will automatically redirect any future requests without even visiting the HTTP version of your site.
HSTS makes it harder for an attacker to impersonate your site as even if they can intercept your traffic, they won’t be able to present an non-HTTPS version of your site to any user that has visited your site within the last 14 days.
We believe that the web should be secure by default, and hope that these latest changes will make it that little bit easier to secure your website. These features are available on all of our web and email hosting accounts. We’ll also happily enable this as part of the service for customer of our managed server hosting.