Enabling HSTS (HTTP Strict Transport Security)

What is HSTS?

HSTS (HTTP Strict Transport Security) is a security policy for a website that helps to defend websites against protocol downgrade attacks and cookie hijacking.

It allows web servers to declare that web browsers should interact with the website using only secure HTTPS connections, and never via the insecure HTTP protocol. HSTS is an IETF 
track protocol and is specified in RFC 6797.


Enabling HSTS


Note:
To enable HSTS for your site, you must have a valid SSL certificate already installed and activated. in case you do not have a valid SSL, and you enable HSTS anyway, visitors will be unable to access your site.

Applies to: Linux Hosting, VPS Hosting and Dedicated Servers with CentOS.

  1. navigate to the ~/public_html directory using FTP or Cpanel FileManager.

  2.  look .htaccess file and if not present create it. Open the file to edit.

  3. Copy the following line, and then paste it into the .htaccess file:

    Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

  4. Save your changes to the .htaccess file. HSTS is now enabled for your site.
  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

How To Install an SSL Certificate from NetSpaceIndia under different hosting type

Introduction This tutorial will show you how to acquire and install an SSL certificate from a...

Installing SSL certificate on Magento VPS Hosting

Introduction This tutorial will show you how to acquire and install an SSL certificate from a...

Disable TLS 1.0

Applies to Linux Dedicated Server and Linux VPS Server with Cpanel InstalledDisable TLS 1.0 :PCI...