What is HTTP status code 307 and what does it have to do with HSTS? - Managed Server


November 2, 2023


Speed and Security: How HTTP 307 Redirection via HSTS Boosts Google Core Web Vitals and SEO

Browsing the Internet is an action we perform every day, often without reflecting on the complex mechanisms that allow us to access a web page or guarantee the security of the data we transmit. Among the lesser-known but fundamental mechanisms for the security and correct handling of web traffic are HTTP status codes and protocols such as HSTS. In this article, we will focus on a particular status code, 307, and its relationship with HSTS, explaining how the latter influences the behavior of browsers and Googlebot.

Introduction to HTTP Status Codes

To understand the context of HTTP code 307, it is essential to have a basic idea about HTTP status codes. These codes are part of the response that a web server provides following a request sent by a client, typically a browser. The codes inform the client about the outcome of the request: whether it completed successfully, whether additional actions are required, or whether errors occurred.

Status codes are divided into five classes:

  • 1xx (Informational): Communicate the progress of an ongoing request.
  • 2xx (Success): Indicate that the request was received, understood and processed correctly.
  • 3xx (Redirects): Signal that further action must be taken to complete the request, often a redirect to another URL.
  • 4xx (Client Errors): Indicate an error in processing the request for reasons attributable to the client.
  • 5xx (Server Errors): Indicate failures in the processing of a request due to problems on the server.

HTTP Status Code 307

Code 307 Temporary Redirect indicates that the resource requested by the client has been temporarily moved to another URI. Unlike other redirect codes, 307 preserves the HTTP method used in the original request, be it GET, POST or other, ensuring that there are no changes during the temporary transfer. This feature is crucial for maintaining the integrity of requests and for the correct functioning of web applications that depend on specific request methods.

The Importance of Maintaining the Method

When a client sends a POST request that involves a data transmission, such as a login form or an online shopping cart, it is vital that the data sent is not lost or misinterpreted along the way. If a redirect changed the method from POST to GET, for example, data could become visible in the URL or even be lost. The 307 code prevents this by requiring that the request keep the same HTTP method until it reaches its final destination.
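The method handling described above, as an added example that is not part of the original article: a small model of how a browser-like client rewrites a request when it follows a redirect, based on RFC 9110 and the WHATWG Fetch rules. The `Request` type, the function names and the `shop.example` login form are constructed for illustration.

```python
# Added example (not from the article): request rewriting on redirect,
# following RFC 9110 section 15.4 and the WHATWG Fetch rules browsers apply.
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urljoin

@dataclass(frozen=True)
class Request:
    method: str
    url: str
    body: Optional[bytes] = None

def follow_redirect(req: Request, status: int, location: str) -> Request:
    """Return the request a browser-like client sends after one redirect."""
    target = urljoin(req.url, location)  # Location may be relative
    if status in (307, 308):
        # Method and body are carried over unchanged.
        return Request(req.method, target, req.body)
    if status == 303 and req.method not in ("GET", "HEAD"):
        return Request("GET", target, None)
    if status in (301, 302) and req.method == "POST":
        # Historical behaviour the RFC permits: POST becomes GET, body dropped.
        return Request("GET", target, None)
    if status in (301, 302, 303):
        return Request(req.method, target, req.body)
    raise ValueError(f"{status} is not a redirect status this model handles")

def follow_chain(req: Request, hops) -> Request:
    """Apply a list of (status, location) redirects in order."""
    for status, location in hops:
        req = follow_redirect(req, status, location)
    return req

# Constructed sample: a login form submitted to the plain-HTTP URL.
LOGIN = Request("POST", "http://shop.example/login", b"user=alice&pw=s3cret")
```

Either way, the original POST, credentials included, has already crossed the network over plain HTTP before the redirect arrives; the status code only decides what is sent on the next hop.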

HSTS and Its Role in Redirects

HSTS, the acronym for HTTP Strict Transport Security, is a security mechanism that forces browsers to communicate with the server exclusively via secure HTTPS connections. When a site implements HSTS, the browser is instructed not to accept insecure connections and to automatically convert all requests to HTTPS, even if the user or a link explicitly indicates HTTP.

This transformation occurs via an internal browser redirect that appears as an HTTP 307 status code. However, it is important to note that this redirect is an action performed by the browser in response to the server's HSTS directives and not a classic HTTP redirect sent by the server itself.

Googlebot and the Interaction with 307/HSTS

When it comes to the interaction of Googlebot, Google's crawler, with HSTS redirects, it is crucial to understand how they affect the indexing of the site. Google's John Mueller explained in the 'Ask Google Webmasters' video that, in short, Googlebot does not interact with 307 redirects. Why? Simply because they are not real redirects from the server's point of view.

Googlebot, when accessing a page, does so with a neutral approach, without storing HSTS policies, and therefore accesses the HTTP URL directly. If the latter is redirected, as often happens when a site supports both HTTP and HTTPS, Googlebot will follow that redirect. So, while a browser may present a 307 redirect following an HSTS policy, Googlebot does not "see" this redirect and ignores it completely.

Google Core Web Vitals and HSTS

Google's Core Web Vitals are a set of specific metrics that measure the health and performance of a web page, considering aspects such as loading, interactivity and visual stability. These factors are fundamental to the user experience and, consequently, to the SEO positioning of a site. In this context, the speed with which a site responds and redirects users from HTTP to HTTPS can have a significant impact on these metrics.

The HTTP 307 redirect that occurs due to HSTS can be seen as a valuable ally for the Core Web Vitals. Unlike a 301 redirect, which requires an additional round trip to the server to complete the protocol switch from HTTP to HTTPS, the 307 is nearly instantaneous as it is performed internally by the browser without the need to communicate with the server.


This means that the loading time of a page initially requested via HTTP can be drastically reduced if the browser has already stored the site's HSTS policy, allowing users to reach the secure version of the site faster.

This reduction in redirection times can have a positive impact on Largest Contentful Paint (LCP) and First Input Delay (FID) metrics, two of the three Core Web Vitals, as both are sensitive to how quickly a page responds. In terms of CRUX, the Chrome User Experience Report, quick redirects like those provided by HSTS can help improve the aggregate data that Google uses to analyze a site's performance. Since the CRUX report is updated every 28 days, consistency in maintaining minimum redirect times can positively influence SEO ranking over time, reflecting a superior user experience and a greater likelihood of meeting the thresholds recommended by the Core Web Vitals.

In summary, a strategic implementation of HSTS not only improves site security, but can also offer a competitive advantage in terms of speed of access to web resources. This synergy between security and performance is an excellent example of how technical decisions directly influence the visibility and online success of a site.

Implications of HSTS for SEO and Security

For SEO, it is critical that all URLs are accessible and indexed in the HTTPS version, especially if HSTS is enabled, to ensure that search engines are accessing the version of the site we want to appear in search results. If you are migrating from HTTP to HTTPS, it is important to use proper 301 redirects to help Google discover new links, as HSTS is not a link discovery tool. HSTS should be used in conjunction with actual redirects to ensure users land on safe pages.

Conclusions

In conclusion, HTTP status code 307 in relation to HSTS plays a crucial role in ensuring that web communications are secure and that user requests are correctly routed to their final destination. For webmasters and SEO specialists, it is vital to understand the impact of these mechanisms on Googlebot and indexing, while for system administrators it is essential to ensure that HSTS is configured correctly to maintain high site security performance.

With the ever-increasing importance of web performance and security, topics such as these are increasingly relevant in the Linux hosting and systems landscape, especially for platforms such as CMS and e-commerce, where user trust and data protection are of primary importance. Discussing it and deepening your knowledge is not just a question of compliance, but a real imperative to guarantee the quality of the service offered to end users.
