Security is important online. Especially now that we are spending more time in our browsers than our trousers. For Xinja it’s paramount. It’s an essential part of our tech stack and we love writing about how to keep you safe on the web. Today we are proud to announce that Xinja is the first bank in Australia to make it onto the HSTS preload list! Warning: this gets a little nerdy….
WTF is HSTS?
Don’t you love an acronym…..We all know the www and most of us are familiar with the HTTP that comes before it. Last year, Google made it clear that the more secure HTTPS should be the default for all websites. HTTPS is a more secure – hence the ‘s’ – way of sending data between your browser and a website. HTTP Strict Transport Security (aka HSTS) goes even further than that’ it’s a powerful security mechanism that increases the security of websites and your browser.
Why is web security so important for an app-only bank?
This protocol is used for all sorts of connections – like when the Xinja app connects to the Xinja platform. It’s a key connector for a bank built in the cloud so very important in the Xinja framework.
How does it work
In technical terms, HSTS removes the ability for your encrypted sessions to be downgraded from HTTPS to HTTP, ensuring all your information going back and forth is super secure. With HSTS the likelihood of attacks or hacks are significantly reduced. This new technology is available in the latest versions of all the major browsers like Chrome, Firefox and even Internet Explorer.
The preload: how it helps security
Another feature of HSTS is a preload list that is built into all modern browsers, to check if a domain is using HSTS. This forces all queries to be sent via HTTPS, without having to query the web server through HTTP to find out if strict transport security should be in use. To check which domains have made it onto this preload list, use this website: hstspreload.org You can put any bank URL in there. Put in xinja.com.au and you’ll see us come up green 🙂