During development, there may be a good reason for visiting your website over an insecure connection for testing purposes.
However, your production or live web apps should only ever allow traffic over HTTPS. Fortunately, RunCloud makes it easy to deploy free SSL certificates for all of your web applications – in other words, there is no excuse not to secure your server.
Even so, a client may still try to reach your site over an insecure connection, and you will want to force it onto a secure one. This is where HSTS comes in.
HSTS stands for HTTP Strict Transport Security, which helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.
Enabling the HSTS option ensures that all connections to your website are forced over HTTPS. Serving everything over HTTPS means that SSL encrypts everything that passes to and from your website.
You can quickly enable HSTS from the SSL/TLS settings page in the RunCloud dashboard.
HSTS is the best option for ensuring that no insecure connections pass through your website, which reduces the risk of hacking and of sensitive information being exposed.
However, keep in mind that once you have enabled HSTS, your existing visitors will not be able to connect to your website without a valid SSL certificate, even if you disable HSTS in the future, because their browsers remember the policy.
Any connection that does not strictly adhere to HTTPS will be terminated. This includes connections where the certificate is invalid or has expired.
Essentially, it means that when you commit to HSTS, you are agreeing that your server will remain secure and only use secure connections.