#perfaudit

Performance Audit Of Web Applications By Professionals

HTTPS Secured with HSTS | Best Practices | Networking Performance

The browser checks its “preloaded HSTS (HTTP Strict Transport Security)” list. This is a list of websites that have requested to be contacted via HTTPS only.

Secured with HSTS

If the website is in the list, the browser sends its request via HTTPS instead of HTTP. Otherwise, the initial request is sent via HTTP. (Note that a website can still use the HSTS policy without being in the HSTS list. The first HTTP request to the website by a user will receive a response requesting that the user only send HTTPS requests. However, this single HTTP request could potentially leave the user vulnerable to a downgrade attack, which is why the HSTS list is included in modern web browsers.)


Share

Subscribe
Subscribe
Audit Requests

Want us to audit your Website?

We'll audit the page load and rendering performance of your web application.
Share your contact and we'll get back to you very soon.