https

Since last April in 2016, the main BBC Homepage has been accessible only via HTTPS, which I thought was a good step forward, heading in the right direction. However, most pages or URLs still use insecure HTTP. Trying to navigate to a page while manually typing HTTPS in the browser address bar will force a 301 re-direct to HTTP. Here’s an example of cURL while navigating to /news/ path: $ curl -IL https://www....

I’ve seen plenty of websites that use https but don’t force it by default, this isn’t considered a good security practice and should be resolved promptly. Below lists five of the most popular web servers (Nginx, Apache, IIS, OpenLitespeed and Lighttpd) configurations to force HTTPS by default. All tests were carried out on a local Debian Stretch server with the exception of IIS. All http:// requests will be (301) Moved Permanently to https:// with respected request path....