Hsts on google.com

Aysun Akarsu in Internet Protocols, News Search Engines 8 years, 3 months ago Comments

Is really Google.com on HSTS ?

Google announced bringing  HTTP Strict Transport Security (abbreviated as HSTS) to www.google.com. HSTS is a web security policy mechanism which allows a web server to enforce the use of HTTPS in a compliant User Agent (UA), such as a web browser. It lets a website tell web browsers that it should only be communicated with using HTTPS instead of using HTTP.

Although Google moved on HTTPS long before many well-known top sites such as Twitter, Facebook or Wikipedia, it is the last bringing HSTS to google.com among them. Besides, as announced on Google Blog, HSTS is brought for the moment only to www.google.com.

Below are Google's as well as some top sites dates of HTTPS migration.

Google      18/10/2011

Twitter       13/02/2012

Facebook  01/08/2013

Wikipedia  12/06/2015

Soon after Google's HSTS announcement, Youtube followed the same path and shared bringing HSTS to Youtube.

Youtube HSTS

A website server needs to return Strict-Transport-Security HTTP header in order to enable HSTS when the site is accessed over HTTPS. However no Strict-Transport-Security HTTP Header is returned from www.google.com when HTTP header of www.google.com is fetched although this header is returned from other top sites which are cited above.


A second way of checking this information is through Chrome.The Google Chrome browser offers a quick way to check a domain's HSTS status via chrome://net-internals/#hsts. Querying domain www.google.com on chrome://net-internals/#hsts gives the result below.

chrome hsts google.com

STRICT  as dynamic_upgrade_mode means that the browser has been instructed to enable HSTS by an HTTP response header.

Third way of verifying the information given by google about bringing HSTS to google.com is checking Chrome's HSTS preload list which is a list of sites that are hardcoded into Chrome as being HTTPS only. Most major browsers (Chrome, Firefox, Opera, Safari, IE 11 and Edge) also have HSTS preload lists based on the Chrome list.

A sample from this list is below.

Thanks for taking time to read this post. I offer consulting, architecture and hands-on development services in web/digital to clients in Europe & North America. If you'd like to discuss how my offerings can help your business please contact me via LinkedIn

Have comments, questions or feedback about this article? Please do share them with us here.

If you like this article

Follow Me on Twitter

Follow Searchdatalogy on Twitter

Related Tags: HTTPS  

Comments

Legal Terms Privacy

Python SEO

Learn Programming for SEO on Dataizer: Learn Python for SEO

Data SEO

Walid Gabteni: Consultant SEO

Vincent Terrasi: Data Scientist SEO

Remi Bacha: Data Scientist SEO

Recent Posts

SEO data distribution analysis 5 years, 2 months ago
87 million domains pagerank 5 years, 12 months ago
SEO Forecasting 6 years, 1 month ago
SEO data analysis 6 years, 1 month ago
BrightonSEO conference 6 years, 1 month ago
HTTP2 on top sites 6 years, 4 months ago
What HTTP headers googlebot requests? 6 years, 7 months ago
Desktop & mobile performances 6 years, 9 months ago
Alexa top 1 million sites 6 years, 9 months ago
Is my site in google's mobile first index? 6 years, 11 months ago
Free SEO tools with google app script 7 years, 5 months ago
1 million #SEO tweets 7 years, 9 months ago
SEO, six blind men & an elephant 7 years, 10 months ago
Technical SEO log analysis 8 years ago
3 ways for free https 8 years, 1 month ago
Crawl dictionary 8 years, 1 month ago
Https on top sites 8 years, 2 months ago
SEO web server log files 8 years, 3 months ago
Hsts on google.com 8 years, 3 months ago

Recent Tweets

Aysun Akarsu
Aysun Akarsu @aysunakarsu
Search Datalogy

DATAIZER is - An interactive web based platform where you can execute Python code and access IPython shell. - Desig… https://t.co/q0xptL8GlR
2 years, 1 month ago

TestDriven.io
TestDriven.io @testdrivenio
Search Datalogy

Python Clean Code Tip: Use dataclasses when only storing attributes inside your class instances to reduce the amou… https://t.co/6S6uN5d1Wn
2 years, 1 month ago

Aysun Akarsu
Aysun Akarsu @aysunakarsu
Search Datalogy

https://t.co/0sC4xC7pqC https://t.co/QspwLn1LFa
2 years, 1 month ago

Aysun Akarsu
Aysun Akarsu @aysunakarsu
Search Datalogy

Why Programming for SEO? https://t.co/hC6TR1DOgB https://t.co/HC0VjgvbyH
2 years, 2 months ago

Aysun Akarsu
Aysun Akarsu @aysunakarsu
Search Datalogy

Programming for SEO 101 Online Course at DATAIZER https://t.co/97I6EC8TmZ Registration for Interest… https://t.co/G93So8JSSj
2 years, 2 months ago