HTTP versus HTTPS

The IBM® NS1 Connect® platform supports URL redirects over HTTP or HTTPS.

Note: The URL redirects feature is available only in the NS1 Connect Premium plan.

HTTP (Hypertext Transfer Protocol) is a generic request and response protocol that transmits plain text, unencrypted data between a requesting client, a web browser, and an application server. HTTP supports flexible, nonsecure communication regardless of who requests access to a URL or their intention. The downside to this approach is the security risks that it introduces due to the potential exposure of sensitive data to unauthorized third parties.

In response to these security risks, the HTTPS (Hypertext Transfer Protocol Secure) protocol secures the data transfer through SSL (Secure Socket Layer) or TLS (Transfer Layer Security) encryption. SSL/TLS certificates contain public encryption keys that secure the connection to prevent unauthorized third parties from intercepting data in transit. The certificate is also used to validate the website's authenticity, ensuring that the client communicates with the true authority for the domain. In addition to added security, websites that use the HTTPS protocol are ranked higher by search engines than HTTP sites.

You can enable or even enforce communication over HTTPS in the URL redirect configuration.

  • If HTTPS is enabled but not enforced, incoming requests that use HTTP or HTTPS protocol are redirected.
  • If HTTPS is enforced, the platform responds to requests that use HTTP with an "HTTP Strict-Transport-Security (HSTS)" header to indicate that the requested site is only accessible over HTTPS. Future attempts are converted automatically to HTTPS.

When you enable HTTPS on a redirect configuration, the NS1 Connect platform automatically generates an SSL/TLS certificate for the domain that is associated with a source URL.

Warning: Do not create a URL redirect over HTTPS if the domain name in the source URL is part of a dual primary configuration with another DNS provider. The certificate authority (CA) will not issue the certificate to NS1 Connect because it will be unable to validate ownership of the domain name.

You can view your certificates by going to Redirects > SSL/TLS certificates.