JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Always on SSL

Online trust


Is it useful to remind it? Trust is essential to any online exchange particularly since the boom of e-commerce.

It is assured by a reliable security and therefore by the use of SSL/TLS protocol.

But the approach is often incomplete. Instead of securing only forms or login pages, one should extend HTTPS to the whole site. That's what Always on SSL is about.

Always On SSL, what is it?


Created by OTA (Online Trust Alliance), Always On SSL is a list of recommendations guarantying the webuser security from the first to the last page of a website. The only real way to achieve it being the extension of the HTTPS security to every page of the website.

Always On SSL is [...] not a product, service, or replacement for your existing SSL certificates, but rather an approach to security that recognizes the need to protect the entirety of a user’s session, not just the login screen.

Extract of the recommendations


  • AVOID MIXED CONTENT

    Mixed content stands for web pages with both secured and unsecured content.

  • EXTEND SSL SECURITY TO EACH PAGES OF THE WEBSITE

    The risk, when only securing log on pages, is to neglect the confidentiality of information contained in cookies such as session data. The latter, easily intercepted by hackers, can give them access to login, password and any other information enabling them to hack your accounts (on social networks for example).



SideJacking: Salvaging information from unsecured cookies.
SSLStrip: Redirection of HTTPS pages to their HTTP counterparts.


  • USE HSTS

    It is a server configuration indicating browsers that the website must be contacted in HTTPS only. It is the safer way to avoid an Man In The Middle (MITM) attack.

Further information


OTA documentation