We are proud to announce the launch of our HTTPS implementation report, which is in open beta. This new report in Site Audit allows you to check if HTTPS is implemented correctly on your website and will let you know exactly what isn’t right.
You may already know how important it is to protect your website with HTTPS, and now if you are moving your website from vulnerable HTTP to secure HTTPS or just want to monitor if there is any error occurred in your HTTPS performance, here are some handy checks that can help you.
What are the exact checks for HTTPS implementation?
To access the checks, first go to your project or create a new one, and then click on Site Audit. You will notice the HTTPS Implementation report among the tabs.
Let’s look closer at each check.
This check warns you if your security certificate is expired. An expired certificate triggers a warning message for your users once they enter your website.
By renewing the certificate you will keep your website’s bounce rate from increasing.
Certificate registered to incorrect domain name
This check will inform you if the domain name to which your SSL certificate is registered matches the name displayed in the address bar. If it does not, users will see a warning and might leave your website.
Old security protocol version (TLS 1.0 or older)
This check lets you know if your website is running old SSL or TLS protocol, which is a security risk. This way you will know if you should implement the newest protocol -- version 1.1 or higher.
In a nutshell, this check warns you if your website does not use HTTPS. It is crucial for websites managing sensitive user data like passwords to use HTTPS instead of HTTP. A warning for ‘non-secure’ HTTP pages may affect user behavior in a negative way, as users will quickly leave a website that is marked as non-secure.
No Server Name Indication (SNI) support
This check informs you if your web server supports SNI. Using SNI allows you to support multiple servers and host multiple certificates at the same IP address, which may improve your security and trust.
No HTTP Strict Transport Security (HSTS) server support
This check lets you know if HSTS is implemented by checking the server header response. HSTS informs web browsers that they can communicate with servers only through secured HTTPS connections. By implementing it, you can be sure that you are serving secure content to your users.
The HTTPS report is currently in open beta and its number of checks will grow. Below you can find a list of the rest of the checks that we plan to add in the near future.
- Mixed content
- No redirects or canonicals to HTTPS URLs from HTTP versions
- Pages with HTTP links in the sitemap.xml of an HTTPS site
- HTTPS pages containing internal links to HTTP pages
Let us know which you’d like to have the most and if you want any others at
firstname.lastname@example.org. Stay tuned, as more updates are coming, and keep your website #NoHacked!
Interested in auditing your website?Give it a try now!