HTTP versus HTTPS

The IBM® NS1 Connect® platform supports URL redirects over HTTP or HTTPS.

The number of URL redirects over HTTPS available depends on the type of plan that you have. You can view your plan type and usage limits on the Usage page.

HTTP (Hypertext Transfer Protocol) is a generic request and response protocol that transmits plain text, unencrypted data between a requesting client, a web browser, and an application server. HTTP supports flexible, nonsecure communication regardless of who requests access to a URL or their intention. The downside to this approach is the security risks that it introduces due to the potential exposure of sensitive data to unauthorized third parties.

In response to these security risks, the Hypertext Transfer Protocol Secure (HTTPS) protocol secures the data transfer through Secure Socket Layer (SSL) or Transfer Layer Security (TLS) encryption. SSL/TLS certificates contain public encryption keys that secure the connection to prevent unauthorized third parties from intercepting data in transit. The certificate is also used to validate the website's authenticity, ensuring that the client communicates with the true authority for the domain. In addition to added security, websites that use the HTTPS protocol are ranked higher by search engines than HTTP sites.

You can enable or even enforce communication over HTTPS in the URL redirect configuration.

  • If HTTPS is enabled but not enforced, incoming requests that use HTTP or HTTPS protocol are redirected.
  • If HTTPS is enforced, the platform responds to requests that use HTTP with an HTTP Strict-Transport-Security (HSTS) header to indicate that the requested site is only accessible over HTTPS. Future attempts are converted automatically to HTTPS.

When you enable HTTPS on a redirect configuration, NS1 Connect automatically generates an SSL/TLS certificate for the domain that is associated with a source URL.

Attention: Do not create a URL redirect over HTTPS if the domain name in the source URL is part of a dual primary configuration with another DNS provider. The certificate authority (CA) will not issue the certificate to NS1 Connect because it will be unable to validate ownership of the domain name.

You can view your certificates by going to Redirects > SSL/TLS certificates.