How do I activate HTTP Strict Transport Security (HSTS)?


HTTP Strict Transport Security (HSTS) is a security mechanism in which a website tells the browser that all future requests must be made via HTTPS. With HSTS in place, the browser makes all future requests to the current domain name using https:// URLs, even if the user tries to follow links that use http:// URLs.

You can enable HSTS headers by adding the following to a .htaccess file in your application's web root directory (public_html):

 

Once you've enabled HSTS, you're committed to SSL. You won't be able to go back to plain HTTP for your application.

# Using this header, any browser accessing the site via HTTPS will not
# be able to access the regular HTTP site for a year (31536000 seconds).
# Once you start using this, you shouldn't stop using SSL on your site or
# your returning visitors won't be able to access your site.
Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
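To confirm the header is actually being served, the following check is an added example (not part of the original article) that parses response headers, such as the output of `curl -sI`, the way a browser reads an HSTS policy: only the first Strict-Transport-Security header counts, max-age is required, and a repeated directive invalidates the header. The function names and the sample responses are constructed for illustration.

```python
import re

ONE_YEAR = 31536000  # the max-age used in the .htaccess line above

# Constructed sample responses: with env=HTTPS the header appears only on HTTPS.
SAMPLE_HTTPS = ("HTTP/1.1 200 OK\r\nServer: Apache\r\n"
                "Strict-Transport-Security: max-age=31536000\r\n\r\n")
SAMPLE_HTTP = ("HTTP/1.1 301 Moved Permanently\r\n"
               "Location: https://example.com/\r\n\r\n")

def parse_hsts(raw_headers):
    """Return (max_age, include_subdomains), or None if no valid policy is set."""
    value = None
    for line in raw_headers.splitlines():
        name, sep, rest = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            value = rest.strip()
            break  # browsers process only the first STS header
    if value is None:
        return None
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives (e.g. a trailing ";") are allowed
        key, _, val = part.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key in directives:
            return None  # a repeated directive invalidates the whole header
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # max-age="31536000" is also valid syntax
        directives[key] = val
    age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", age):
        return None  # max-age is required and must be a whole number of seconds
    return int(age), "includesubdomains" in directives

def audit(raw_headers, min_age=ONE_YEAR):
    """Summarise the HSTS policy found in one response."""
    policy = parse_hsts(raw_headers)
    if policy is None:
        return "missing or invalid"
    if policy[0] == 0:
        return "max-age=0 (tells the browser to drop the policy)"
    if policy[0] < min_age:
        return "max-age below %d seconds" % min_age
    return "ok"

if __name__ == "__main__":
    print("https:", audit(SAMPLE_HTTPS))
    print("http: ", audit(SAMPLE_HTTP))
```

Run it against both the https:// and http:// responses of your site: with `env=HTTPS` only the HTTPS response should report "ok".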
