This document provides recommendations for implementing website security standards for the Norwegian government. It begins with background information on HTTPS and what it does and does not do. It then recommends implementing the newest version of TLS, using strong cipher suites with forward secrecy and authenticated encryption. The recommendations also include using certified implementations if possible, trusted certificate authorities, HTTP Strict Transport Policy, certificate pinning, and hardware key protection. Finally, it discusses potential benefits such as increased trust, requirements from other actors, and implementation costs as well as consequences for technologies like HTTP/2 and security headers.