Enabling HSTS (HTTP Strict Transport Security)

HSTS is a tool that tells browsers to use only SSL for all future requests to a website. It strengthens SSL by preventing many common attacks against it (such as protocol downgrade attacks and cookie hijacking).
Enabling HSTS is simple:

Step 1 - Access and edit your .htaccess file. Click here for a guide if you're unsure how to do that.


Step 2 - Add this line to the top of the file:

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS


Step 3 - Hit Save Changes on the top right of the screen
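
To confirm the change took effect, the following added example (not part of the original article) parses a Strict-Transport-Security value the way RFC 6797 describes and flags common mistakes. The function names parse_hsts and audit are hypothetical, the sample responses are constructed, and quoted values containing ";" are not handled.

```python
import re

ONE_YEAR = 31536000  # the max-age value used in Step 2

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns {directive: value-or-None}, or None if the header is invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are allowed
        name, sep, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form, e.g. max-age="31536000"
        if name in directives:
            return None  # a repeated directive invalidates the header
        directives[name] = arg if sep else None
    age = directives.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None  # max-age is required and must be a non-negative integer
    directives["max-age"] = int(age)
    return directives

def audit(scheme, header_values, min_age=ONE_YEAR):
    """Return a list of findings for one response; an empty list means OK."""
    if scheme != "https":
        # Browsers ignore HSTS on plain HTTP, which is why Step 2 uses env=HTTPS.
        return ["HSTS sent over plain HTTP (ignored by browsers)"] if header_values else []
    if not header_values:
        return ["no Strict-Transport-Security header on HTTPS response"]
    findings = []
    if len(header_values) > 1:
        findings.append("multiple HSTS headers; only the first is processed")
    policy = parse_hsts(header_values[0])
    if policy is None:
        findings.append("invalid header; browser will ignore it")
    elif policy["max-age"] == 0:
        findings.append("max-age=0 tells the browser to forget the HSTS policy")
    elif policy["max-age"] < min_age:
        findings.append("max-age %d is shorter than %d" % (policy["max-age"], min_age))
    return findings

if __name__ == "__main__":
    # Constructed sample responses, not captured from a real site.
    print(audit("https", ["max-age=31536000"]))
    print(audit("https", ["max-age=300"]))
```

Pass it the scheme and the list of Strict-Transport-Security header values seen in a response, for example as shown in the browser's developer tools.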




© Crucial