We all understand it is important for our sites to operate using https from a security perspective. Not using https leaves sites vulnerable to a variety of security issues. Additionally, way back in 2014 Google announced that whether or not a site uses https was becoming a ranking signal that influences whether or not a site is shown in search results, in the following post in Google Search Central: HTTPS as a ranking signal
However, even if a site supports https, browsers don't necessarily know that, and so first requests to a site are frequently made using http and then switched to https by the server. The HTTP Strict Transport Security header, or HSTS, allows a site to effectively enforce the use of HTTPS. By sending the HSTS header with suitable parameters, the server informs the visiting browser that only the HTTPS version of the requested site is available, and plain HTTP will not be served. To avoid redirects at the start of every visit to the site, the browser remembers this information for the duration specified in the response header.
And if your site follows best practices, it can be submitted to the Chromium HSTS preload list. If your site is on the preload list then many browsers (including Chrome, Firefox, Opera, Safari, Internet Explorer and Microsoft Edge) know to communicate with your site using https and will never use http. You can find out more, and determine the HSTS preload status and eligibility of your domains by visiting hstspreload.org.
For this week's poll I ask whether any or all of your sites are using HSTS and are on the preload list, or whether you plan to implement HSTS. Besides voting in the poll, please share your thoughts in a post.
Speaking for myself, I can say that we are working to place all of our sites on the HSTS preload list. It is a new project for us, and this week we have implemented HSTS headers on our first site, and expect to submit that site to the preload list this week.
Michael