How to enable HTTP Strict Transport Security (HSTS) through .htaccess?

Enabling HTTP Strict Transport Security (HSTS) on your website can help protect your users from certain types of attacks, such as man-in-the-middle attacks. On Apache, you can enable HSTS through your website's .htaccess file by adding the following code (the Header directive requires the mod_headers module):


Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

This code sets the Strict-Transport-Security header so that browsers communicate with your website only over HTTPS for a period of one year (31536000 seconds). The includeSubDomains directive applies the policy to all subdomains, and the preload directive signals that the site opts in to inclusion in browsers' HSTS preload lists.

Note that once you enable HSTS, it may take some time for browsers to start enforcing the policy, because each browser applies it only after it has received the header from your site over HTTPS. Therefore, it is recommended to start with a short max-age value and gradually increase it over time.
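A check you can run on a header value before putting it in .htaccess, as an added example that is not part of the original article: it parses the policy and reports whether it is a staging value or includes preload without the rest of the policy to back it. The function names are hypothetical, and the preload criteria (max-age of at least one year plus includeSubDomains) are an assumption based on the preload list's published submission requirements.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year in seconds, the value used on this page

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value}.

    Directive names are case-insensitive and max-age is required. A value
    that breaks these rules is treated as invalid here (ValueError).
    """
    policy = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        name, val = name.strip().lower(), val.strip()
        if not name:
            continue  # empty directives such as "max-age=1;;" are skipped
        if name in policy:
            raise ValueError(f"duplicate directive: {name}")
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # the value may be written as a quoted string
        policy[name] = val if sep else None
    age = policy.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        raise ValueError("max-age is required and must be a whole number of seconds")
    policy["max-age"] = int(age)
    return policy

def review_hsts(value):
    """Return deployment findings ("WARN: ..." / "INFO: ...") for a policy."""
    policy = parse_hsts(value)
    age, findings = policy["max-age"], []
    if age == 0:
        findings.append("WARN: max-age=0 makes browsers drop the cached policy")
    elif age < PRELOAD_MIN_AGE:
        findings.append(f"INFO: max-age={age} is a staging value below one year")
    if "includesubdomains" in policy:
        findings.append("INFO: includeSubDomains requires HTTPS on every subdomain")
    if "preload" in policy:
        if age >= PRELOAD_MIN_AGE and "includesubdomains" in policy:
            findings.append("INFO: policy meets the assumed preload-list criteria")
        else:
            findings.append("WARN: preload set, but max-age or includeSubDomains "
                            "falls short of the assumed preload-list criteria")
    return findings

if __name__ == "__main__":
    # Constructed sample values: a staging policy, then the one from this page.
    for sample in ("max-age=300", "max-age=31536000; includeSubDomains; preload"):
        print(sample, "->", review_hsts(sample))
```
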
