Reputation: 535
Putting hsts headers in apache using htaccess or httpd.conf
I have purchased a ssl certificate recently and have redirected all my traffic on secured https way but i want to get included in hsts preload list. For that reason i want to include hsts header. Is there any way using .htaccess or httpd.conf or if there is another way then please tell me in detail
Upvotes: 0
Views: 1523
Answers (2)
Reputation: 354
you can set the hsts header in a .htaccess file:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
@see How to set HSTS header from .htaccess only on HTTPS for more information
or with php:
header('Strict-Transport-Security: max-age=63072000; includeSubdomains; preload');
Upvotes: 3
Reputation: 1318
Also you can put HSTS header on application side, I mean PHP. Add following code top of your header.php or index.php
<?php header("strict-transport-security: max-age=600");
People who uses shared hosting does not have an access to apache.conf. So proper way to do this is putting it on apache.conf.
Upvotes: 0
Related Questions
- Warning: Unnecessary HSTS header over HTTP
- HSTS header is not seen in image /JS/CSS files
- How to disable HSTS header with HTTP?
- HSTS header (through .htaccess) not being served on Wordpress pages
- How do I implement HTTP headers into my website?
- Adding HTTP Strict Transport Security to .htaccess
- Set HSTS header in htaccess if already isn't present
- Do I need to enable HSTS in addition to forcing HTTPS in .htaccess?
- Set and check STS Header is present
- HSTS header for all resources? or documents?