How to Enable HTTP Strict Transport Security (HSTS) on a website using Apache htaccess

Question 1

How can I enable HTTP Strict Transport Security (HSTS) on my website by modifying .htaccess file? I am using Apache web server.

Question 2

Edit your .htaccess file to add the following line:

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

The above line will enable HTTP Strict Transport Security (HSTS) on your website. This will tell browsers to load your website & its subdomains using HTTPS. Here I have set the max-age to 365 days. You can change the value as per your wish.

If you stop using HTTPS on your website, browsers will give error whenever a user will try to access your website. So, make sure you continue supporting HTTPS on your website after enabling HSTS..

pkumar81 · Answer 1 · 2018-12-20T22:33:10+0000

Edit your .htaccess file to add the following line:

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

The above line will enable HTTP Strict Transport Security (HSTS) on your website. This will tell browsers to load your website & its subdomains using HTTPS. Here I have set the max-age to 365 days. You can change the value as per your wish.

If you stop using HTTPS on your website, browsers will give error whenever a user will try to access your website. So, make sure you continue supporting HTTPS on your website after enabling HSTS..

How to Enable HTTP Strict Transport Security (HSTS) on a website using Apache htaccess

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Related questions

Categories