What is Enhanced HTTPS?
Enhanced HTTPS checks verify that HTTPS is properly configured with redirects, compression, and HSTS (HTTP Strict Transport Security) headers.
Why it matters.
Proper HTTPS configuration is fundamental to web security. HSTS prevents downgrade attacks and ensures all connections are encrypted. HTTPS redirects ensure users always use secure connections. These protect against man-in-the-middle attacks and are essential for protecting customer data.
What can go wrong.
Without proper HTTPS configuration: users may access your site over unencrypted HTTP, attackers can intercept and modify communications, browsers will show security warnings, and you fail compliance requirements. Missing HSTS allows attackers to force unencrypted connections.
Technical details.
HTTPS checks verify: 1) HTTPS is available and working, 2) HTTP redirects to HTTPS automatically, 3) HSTS header is present with appropriate max-age, 4) HSTS includes subdomains when appropriate. HTTP compression is informational but improves performance.
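The four checks above can be expressed as a small offline evaluator over already-captured responses. This is an added example, not the checking service's own code; the function names, the one-year `MIN_MAX_AGE` threshold, the finding strings and the sample responses are assumptions made for illustration.

```python
from urllib.parse import urlsplit

MIN_MAX_AGE = 31536000  # assumption: one year; the page names no threshold
REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_hsts(value):
    """Return (max_age, include_subdomains); max_age is None if missing or malformed."""
    max_age, include_sub, seen = None, False, set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not name:
            continue
        if name in seen:  # RFC 6797: a repeated directive invalidates the header
            return None, False
        seen.add(name)
        arg = arg.strip().strip('"')  # value may be a quoted-string
        if name == "max-age":
            max_age = int(arg) if arg.isascii() and arg.isdigit() else None
        elif name == "includesubdomains":
            include_sub = True
    return max_age, include_sub

def check_https(http_resp, https_resp):
    """Responses are (status, headers) with lowercase header names, or None if unreachable."""
    if https_resp is None or https_resp[0] >= 500:
        return ["HTTPS is not available"]
    findings = []
    if http_resp is not None:
        status, headers = http_resp
        target = urlsplit(headers.get("location", ""))
        if status not in REDIRECT_CODES or target.scheme != "https":
            findings.append("HTTP does not redirect to HTTPS")
    # Only the header on the HTTPS response counts; browsers ignore HSTS sent over HTTP.
    hsts = https_resp[1].get("strict-transport-security")
    if hsts is None:
        return findings + ["HSTS header missing"]
    max_age, include_sub = parse_hsts(hsts)
    if max_age is None:
        findings.append("HSTS header has no valid max-age")
    elif max_age < MIN_MAX_AGE:
        findings.append(f"HSTS max-age {max_age} is below {MIN_MAX_AGE}")
    if not include_sub:
        findings.append("HSTS does not include subdomains")
    return findings

# Constructed sample responses (not captured from any real site).
GOOD = ((301, {"location": "https://example.test/"}),
        (200, {"strict-transport-security": "max-age=31536000; includeSubDomains"}))
WEAK = ((200, {}), (200, {"strict-transport-security": "max-age=300"}))
```

`check_https(*GOOD)` returns an empty list, while `check_https(*WEAK)` returns one finding per failed check; treat the subdomain finding as advisory where `includeSubDomains` is not appropriate for the domain.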
Check your domain’s HTTPS configuration.
Run a free security check to see how your domain scores across all sixteen checks, including Enhanced HTTPS.