HTTP Strict-Transport-Security (HSTS)

Marc Wagner

July 16, 2022


HSTS stands for HTTP Strict Transport Security. It is a header specification that tells the browser of the page visitor that for a specified period of time (max-age), communication should take place exclusively via a secure connection (HTTPS).

How to enable the HSTS header on Plesk for Linux

  1. Sign in to Plesk.
  2. Go to Websites & Domains > Hosting Settings and enable the “Permanent SEO-safe 301 redirect from HTTP to HTTPS” option there.
  3. Then go to Websites & Domains > Apache & nginx settings.
  4. Now enter the following there and save the changes afterwards.
    1. Apache, additional directives for HTTPS:
      Header always set Strict-Transport-Security "max-age=31536000"
    2. Additional nginx directives:
      add_header Strict-Transport-Security "max-age=31536000" always;

That's it. You have activated the HSTS header for your domain.
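
To confirm the result, the following added example (not part of the original article) parses a Strict-Transport-Security value as RFC 6797 describes and checks it together with the 301 redirect from step 2. The response tuples, the host example.com and the function names are constructed for illustration.

```python
import re

# RFC 6797 section 6.1: directives are ";"-separated, names are
# case-insensitive, a value is a token or a quoted string.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
DIRECTIVE = re.compile(r'^(%s)(?:\s*=\s*("[^"]*"|%s))?$' % (TOKEN, TOKEN))


def parse_hsts(value):
    """Return (max_age, include_subdomains), or None if the header is invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are allowed
        m = DIRECTIVE.match(part)
        if m is None or m.group(1).lower() in seen:
            return None  # malformed or repeated directive
        seen[m.group(1).lower()] = (m.group(2) or "").strip('"')
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None  # max-age is required and must be a non-negative integer
    return int(age), "includesubdomains" in seen


def check_site(http_resp, https_resp, min_age=31536000):
    """Each response is (status, headers). Returns a list of findings."""
    findings = []
    status, headers = http_resp
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    if status != 301 or not location.lower().startswith("https://"):
        findings.append("HTTP does not 301-redirect to HTTPS")
    raw = {k.lower(): v for k, v in https_resp[1].items()}.get(
        "strict-transport-security")
    policy = parse_hsts(raw) if raw is not None else None
    if policy is None:
        findings.append("HTTPS response has no valid HSTS header")
    elif policy[0] < min_age:
        findings.append("max-age is below %d seconds" % min_age)
    return findings


# Constructed sample responses (example.com is a placeholder host).
REDIRECT = (301, {"Location": "https://example.com/"})
GOOD = (200, {"Strict-Transport-Security": "max-age=31536000"})
# Value that still carries typographic quotes from a copy-paste.
PASTED = (200, {"strict-transport-security": "\u201cmax-age=31536000\u201d"})

if __name__ == "__main__":
    print(check_site(REDIRECT, GOOD))    # []
    print(check_site(REDIRECT, PASTED))
```

An empty list means both checks passed; the second call reports the header as invalid because the typographic quotes are part of the value.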


Article by:

Marc Wagner

Hi, Marc here. I’m the founder of Forge12 Interactive and have been passionate about building websites, online stores, applications and SaaS solutions for businesses for over 20 years. Before founding the company, I already worked in publicly listed companies and acquired all kinds of knowledge. Now I want to pass this knowledge on to my customers.
