HSTS - HTTP Strict Transport Security


HTTP Strict Transport Security (HSTS, RFC 6797) is a web security policy mechanism that makes a browser use HTTPS for every connection to a site that has declared the policy. Once a browser has received the Strict-Transport-Security header over a valid HTTPS connection, it remembers the host for max-age seconds, rewrites any http:// URL for that host to https:// before a request leaves the machine, and treats certificate errors as fatal instead of offering a click-through warning. This defeats SSL stripping and similar downgrade man-in-the-middle attacks that depend on intercepting a plain-HTTP request. Two limits matter in practice: browsers ignore the header when it arrives over plain HTTP, and on the very first visit the browser has no policy yet, which is the gap the preload list closes.

Headers

Strict-Transport-Security: max-age=<seconds> - sets how long, in seconds, the browser enforces HTTPS for the host, counted from the last response that carried the header (the timer is refreshed on every HTTPS response). max-age=0 tells the browser to delete the stored policy, which is the only way to roll HSTS back before it expires.

Strict-Transport-Security: max-age=<seconds>; includeSubDomains - applies the policy to the host and to all of its subdomains. Before enabling it, confirm that every subdomain, including internal and legacy ones, actually serves HTTPS: affected hosts become unreachable over plain HTTP until the policy expires.

Strict-Transport-Security: max-age=<seconds>; preload - signals the site owner's consent to be added to the HSTS preload list that ships inside browsers (hstspreload.org). The directive alone does not add the site; the domain has to be submitted, and the submission checks require a max-age of at least 31536000 (one year), includeSubDomains, preload, a redirect from HTTP to HTTPS, and the header served on the base domain over a valid certificate. Preloading removes the unprotected first request, but removal from the list takes a long time to reach users, so treat it as a long-term commitment and only send preload if you intend to submit.
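The directive semantics above, worked through in code. This is an added example, not part of the original page or of any browser or server project: a small Python model that parses a Strict-Transport-Security value the way RFC 6797 requires (max-age mandatory, a repeated directive makes the header invalid), lists the header-level reasons hstspreload.org would reject a submission, and simulates a browser's HSTS cache to decide whether a request to a given host must be upgraded to HTTPS, covering the subdomain, expiry, max-age=0 and header-over-plain-HTTP cases. The hostnames and responses in the demo are constructed for illustration and are not real sites.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PRELOAD_MIN_MAX_AGE = 31536000  # hstspreload.org requires at least one year


@dataclass
class HstsPolicy:
    max_age: int  # seconds the policy stays valid
    include_subdomains: bool = False
    preload: bool = False


def parse_hsts(value: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value; None means a browser would ignore it
    (no max-age, non-numeric max-age, or a directive repeated; RFC 6797 6.1).
    Directive names are case-insensitive; unknown ones and empty segments are tolerated."""
    max_age: Optional[int] = None
    include_subdomains = preload = False
    seen = set()
    for segment in value.split(";"):
        directive = segment.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()
        if name in seen:
            return None
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')  # max-age="300" (quoted) is legal
            if not arg.isdigit():
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


def preload_problems(policy: HstsPolicy) -> List[str]:
    """Header-level reasons hstspreload.org would reject a submission. The service
    also checks the certificate and the HTTP->HTTPS redirect with a live request."""
    problems = []
    if policy.max_age < PRELOAD_MIN_MAX_AGE:
        problems.append(f"max-age {policy.max_age} is below {PRELOAD_MIN_MAX_AGE}")
    if not policy.include_subdomains:
        problems.append("includeSubDomains is missing")
    if not policy.preload:
        problems.append("preload is missing")
    return problems


class HstsStore:
    """Minimal model of a browser's HSTS cache: host -> (expiry, includeSubDomains)."""
    def __init__(self) -> None:
        self._entries: Dict[str, Tuple[float, bool]] = {}

    def observe(self, host: str, header: Optional[str], over_https: bool, now: float) -> None:
        """Record a response's header. Headers seen over plain HTTP are ignored
        (RFC 6797 8.1); max-age=0 deletes the stored policy."""
        if not over_https or header is None:
            return
        policy = parse_hsts(header)
        if policy is None:
            return
        host = host.lower()
        if policy.max_age == 0:
            self._entries.pop(host, None)
        else:
            self._entries[host] = (now + policy.max_age, policy.include_subdomains)

    def must_use_https(self, host: str, now: float) -> bool:
        """True if a plain-HTTP request to host must be rewritten to HTTPS: the host
        itself, or a parent domain stored with includeSubDomains, has an unexpired entry."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._entries.get(".".join(labels[i:]))
            if entry is None or now >= entry[0]:
                continue  # no policy for this name, or it has expired
            if i == 0 or entry[1]:
                return True
        return False


if __name__ == "__main__":
    # Constructed responses for illustration; the hostnames are not real sites.
    now = 1_700_000_000.0
    store = HstsStore()
    store.observe("example.com", "max-age=31536000; includeSubDomains; preload", True, now)
    store.observe("legacy.example.net", "max-age=31536000", True, now)
    store.observe("insecure.test", "max-age=31536000", False, now)  # over HTTP: ignored
    for host in ("example.com", "api.example.com", "www.legacy.example.net", "insecure.test"):
        print(f"{host:24} upgrade to HTTPS: {store.must_use_https(host, now)}")
    for value in ("max-age=31536000; includeSubDomains; preload", "max-age=300", "includeSubDomains"):
        policy = parse_hsts(value)
        print(f"{value!r}: {'invalid' if policy is None else preload_problems(policy) or 'preload-ready'}")
```

Run it as a script to see the upgrade decisions and the preload checks printed. The point of the store model is the lookup in must_use_https: the browser walks from the exact host up through its parent domains, and only a parent that was stored with includeSubDomains can cover it, which is why www.legacy.example.net stays unprotected while api.example.com is upgraded. In practice, feed the header your server really sends (a HEAD request over HTTPS with curl -I) through parse_hsts and preload_problems before submitting the domain to the preload list.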

Configuring HSTS in .htaccess

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

This needs mod_headers enabled. env=HTTPS sends the header only on requests where mod_ssl has set the HTTPS variable, i.e. over TLS, which keeps it off plain-HTTP responses (browsers would ignore it there anyway). "always" adds the header to the error-response table as well, so 4xx and 5xx pages carry it too; the default table only covers successful responses. Drop the preload directive unless you intend to submit the domain to the preload list.

Configuring HSTS in Apache

<VirtualHost 127.0.0.1:443>
  # mod_headers must be loaded; "always" also covers 4xx/5xx responses
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>

Keep the directive inside the TLS (port 443) virtual host only. The plain-HTTP virtual host should just redirect to HTTPS; an HSTS header it sends would be ignored by browsers.

Configuring HSTS in Nginx

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

Use straight ASCII double quotes; the typographic quotes that word processors insert are a syntax error for nginx. Place the directive in the server block that has listen 443 ssl, not in the plain-HTTP server. The "always" parameter makes nginx add the header regardless of the response code. One nginx-specific trap: add_header directives are inherited from the enclosing level only when the current level has no add_header of its own, so a location block that adds any other header (a Cache-Control header, for example) silently drops HSTS on its responses unless the Strict-Transport-Security line is repeated there. After reloading, confirm with a HEAD request over HTTPS (curl -I) that the header appears on the responses you expect, error pages included.