Artifakt does not allow any HTTP requests. All requests made in HTTP are automatically redirected to the equivalent in HTTPS.
Artifakt natively offers HTTPS for all applications, including automatic creation and renewal of SSL certificates. Artifakt SSL certificates use the
TLS 1.3protocol (latest generation). The minimum version allowed by Artifakt is
HTTPS brings many advantages among which :
- Content integrity – Without HTTPS a malicious player could potentially eavesdrop on your network traffic and inject intrusive ads or other malware into your pages.
- Security – If some of your application is private and requires users to log in to a user account (using a form submission), HTTPS is vital for privacy and security.
- SEO – HTTPS is now a ranking criteria.
- HTTP/3 – HTTP/3 significantly improves the performance of your website (HTTP/3 requires HTTPS).
Artifakt supports 2 types of SSL certificates:
- Artifakt-managed certificates – They are free of charge and available for all Artifakt environments.
When you create a new environment on Artifakt, it will be instantly secured at the Artifakt-generated domain (for example,
https://example-eshop-67195.artifakt.dev). If you add a custom domain, we will automatically provision a certificate, enabling HTTPS on your domain. Certificates are generated and renewed automatically.
In rare circumstances, issues can occur when provisioning a certificate for some domains. You can check the status of your site’s certificates in Environment → Settings → Domains. If you’re having trouble with the automatic provisioning, do not hesitate to contact our Support team.
The majority of modern web browsers use a reference list to check whether it is necessary to connect to a website using HTTPS only for more security. This is called the HTTP Strict Transport (HSTS) preload list.
In other words, when you enter the domain name of a website in the address bar of your browser (without specifying HTTP or HTTPS), the browser will automatically prefix
http://and force the use of
HTTPSif the domain is present in this list.
Artifakt provides HSTS functionality by default to enhance the security of your websites (on all
*.artifakt.dev). For example, HSTS can be used to counter protocol downgrade attacks and cookie hijacking. You don't have to do anything, everything is managed transparently by Artifakt with a cache duration of 6 months in the browsers.
Artifakt natively uses the HTTP/3 protocol for all requests made to your website. This new generation of the protocol makes your website even faster thanks to features such as multiplexing or header compression.