
How to Implement HSTS on your website?

hostitsmartcanada

New member
In this write-up we will show you how to install HSTS on a website.

To install HSTS in Apache web server

Simply add this to your .htaccess file:
# Use HTTP Strict Transport Security to force the client to use secure connections only
Header always set Strict-Transport-Security "max-age=300; includeSubDomains; preload"

To install HSTS in lighttpd

Simply add this to your Lighttpd configuration file /etc/lighttpd/lighttpd.conf:
server.modules += ("mod_setenv")
$HTTP["scheme"] == "https" {
    setenv.add-response-header = ("Strict-Transport-Security" => "max-age=300; includeSubDomains; preload")
}

To install HSTS in NGINX

Add this to your site.conf file:
add_header Strict-Transport-Security 'max-age=300; includeSubDomains; preload' always;

To install HSTS in IIS servers

protected void Application_BeginRequest(Object sender, EventArgs e)
{
    switch (Request.Url.Scheme)
    {
        case "https":
            // Secure request: send the HSTS header
            Response.AddHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload");
            break;
        case "http":
            // Plain HTTP request: redirect permanently to the HTTPS URL
            var path = "https://" + Request.Url.Host + Request.Url.PathAndQuery;
            Response.Status = "301 Moved Permanently";
            Response.AddHeader("Location", path);
            break;
    }
}
 
To implement HSTS (HTTP Strict Transport Security) on your website, you will need to do the following:

  1. Add the "Strict-Transport-Security" header to your server's HTTP response. The header should include a "max-age" value, which determines how long the browser should remember to only connect to your website over HTTPS. For example:
     Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  2. Ensure that all resources on your website are being served over HTTPS. This includes all images, scripts, and other files that are needed to load the page.
  3. If your website uses a subdomain, you can use the "includeSubDomains" directive to apply HSTS to all subdomains as well.
  4. If you want your website to be included in the HSTS preload list, you can use the "preload" directive. This will inform the browser that your website should always be accessed over HTTPS, even before the user has visited your website.
  5. Test the implementation by visiting your website over HTTP and verifying that it redirects to HTTPS.
  6. If you want to remove HSTS from your site, you can do so by removing the header from your server and removing your domain from the HSTS preload list.
Note: HSTS should be implemented with care, as it can cause issues if not implemented correctly.
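
Added example, not part of either post above: a Python check for the "test the implementation" step that parses a Strict-Transport-Security value following the RFC 6797 grammar and lists what would keep it off the preload list. The function names are hypothetical, the samples are the two header values quoted in this thread, and the thresholds are the submission requirements published at hstspreload.org.

```python
import re

# Minimum max-age (one year) required for preload submission, per hstspreload.org.
PRELOAD_MIN_AGE = 31536000

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns (max_age, include_subdomains, preload), or None when the header
    is invalid and a browser would ignore it. Simplification: a ';' inside a
    quoted string is not handled.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives are permitted
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]               # max-age may be a quoted string
        if name in seen:                  # a repeated directive invalidates the header
            return None
        seen[name] = arg
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                       # max-age is required and must be digits
    return int(seen["max-age"]), "includesubdomains" in seen, "preload" in seen

def preload_problems(value):
    """Return the reasons this header value would not qualify for preloading."""
    parsed = parse_hsts(value)
    if parsed is None:
        return ["header is invalid and will be ignored"]
    max_age, include_subdomains, preload = parsed
    problems = []
    if max_age < PRELOAD_MIN_AGE:
        problems.append(f"max-age {max_age} is below {PRELOAD_MIN_AGE}")
    if not include_subdomains:
        problems.append("includeSubDomains is missing")
    if not preload:
        problems.append("preload is missing")
    return problems

if __name__ == "__main__":
    # Constructed samples: the two header values quoted in this thread.
    for sample in ("max-age=300; includeSubDomains; preload",
                   "max-age=31536000; includeSubDomains; preload"):
        print(sample, "->", preload_problems(sample) or "meets preload requirements")
```

Feed it the header value your server actually returns over HTTPS; an empty list means the value satisfies the three header requirements checked here.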
 
