Web Optimizing

[et_pb_section][et_pb_row][et_pb_column type=”4_4″][et_pb_text]

Secure websites: httpS:// (not http://) like this one used to be a curiosity and a minority-
Now there are no pages that should NOT use https,  also known in general as “SSL” or Secure Socket Layer protocol.
Whether or not you Take Payments nor even have Forms to Fill.. It ensures that ALL traffic to and from your Browser (Chrome, etc) to the final intended destination are properly obfuscated so none of the hundreds of machines and networks along the way can, even with sophisticated technology, snoop what is going on between the two of you.
Right now, you are reading these words off my own Web Server into your own Browser without any
person in the middle seeing anything more than a binary mishmash of unintelligible  data.
Someone  Human might look over your shoulder.

They might install software on your machine to ‘record’ what’s going on
But, at least in the transport- Not
EVEN IF you are connected to a passwordless WIFI this remains true. It actually does not matter, security-wise, whether your WIFI has a password or not, because your data camnnot be snooped between the endpoints.
Why does a WIFI password matter?
It prevents Strangers sneaking in when you do not want them to and using up all your speed and incriminating you in Criminal Activities.
Despite “SSl” (httpS://, your IP address usage may be tracked, by the way.

It’s up for grabs the opinion that the NSA could unobfuscate it- But we are mainly concerned with Daily Life, not the Dark Web here.

For historical reasons, most websites respond to BOTH types of request- secure & insecure- with exactly thr same appearance- But once is insecure, the other not. 
Why not simply turn off the Insecure pages? For historical reasons, that’s why.. in case sites still exist that ONLY reply to the OLD insecure standard and are not set use the new one- Yet. 
So! On YOUR website, make sure it DOES respond on the OLD (http://) insecure protocol but immediately gets redirected to the PROPER and SECURE site https://

HEre is the Code to do that in the root folder of your web server in a configuration fiel that controls how Apache, the Web Server, behaves:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

Ill write more on this a bit later- But i wanted to get this Out There to Remind Myself!



Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.