Secure Shopping

Wild & Wonderful Body Care uses Secure Sockets Layer (SSL) technology and HTTP Strict Transport Security (HSTS) to provide you with the safest, most secure shopping experience possible. Most handcrafters’ online stores use only SSL; very few provide the extra layer of HSTS protection.

What is SSL Technology?

SSL stands for Secure Sockets Layer. In short, it’s the standard technology for keeping an internet connection secure and safeguarding any sensitive data sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. The two systems can be a server and a client (for example, a shopping website and a browser) or two servers (for example, an application holding personally identifiable information or payroll information).

It does this by making sure that any data transferred between users and sites, or between two systems, remains impossible to read. It uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it is sent over the connection. This data could be anything sensitive or personal, including credit card numbers and other financial information, names and addresses.

TLS (Transport Layer Security) is just an updated, more secure, version of SSL. We still refer to security certificates as SSL because it is a more commonly used term.

HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking on the lock symbol on the browser bar.

What is HSTS?

HSTS is a response header that tells a browser that websites with HSTS enabled can only be accessed via HTTPS. This forces your browser to access only the HTTPS version of the website and any resources on it.

Enabling HSTS will stop SSL protocol attacks and cookie hijacking, two additional vulnerabilities in SSL-enabled websites. In addition to making a website more secure, HSTS will make sites load quicker by removing a step in the loading procedure.

Enabling HSTS forces the browser to load the secure version of a website, ignoring any redirect and any other call to open an HTTP connection. This closes the redirection vulnerability that exists with 301 and 302 redirects.

There is a negative side even to HSTS, and that is that a user’s browser has to see the HSTS header at least once before it can take advantage of it for future visits. This means that they will have to go through the HTTP > HTTPS process at least once, leaving them vulnerable the first time they visit an HSTS-enabled website.

To combat this, Chrome preloads a list of websites that have HSTS enabled. Users can submit HSTS-enabled websites to the preload list themselves if they fit the required (simple) criteria.

Websites added to this list will be hardcoded into future versions of Chrome. This makes sure that everyone who visits your HSTS-enabled websites in updated versions of Chrome will stay secure.

Firefox, Opera, Safari and Internet Explorer have their own HSTS preload lists, but they are based on the Chrome list. Our website is preloaded on the Chrome list, providing our customers the most secure shopping experience possible.