Towy Web Designs

Enabling HSTS

Enabling HSTS is essential once your SSL certificate is installed. Without it you are still not safe, because hackers can get around the certificate with 'man-in-the-middle' attacks.

With the SSL certificate installed, your website will be accessible via HTTPS, but it can still be opened over HTTP. To prevent this, you need to enable HSTS in your HTTP headers. The headers can be set up in the root .htaccess file, a hidden file on the web server that is usually found in public_html. By enabling HSTS you are declaring that your website is only accessible over a secure connection (HTTPS).

To enable HSTS simply add this code to the top of your root .htaccess file:

Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

Before editing this file you should always make a backup. If you get it wrong, you could break or kill your website, and the backup will help you get it back up and running again.
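
One way to check the header value before and after deploying it, as an added example that is not part of the original page: the Python below parses a Strict-Transport-Security value by the RFC 6797 rules and reports what would stop it meeting the preload list requirements (max-age of at least one year, includeSubDomains, preload). The function names parse_hsts and check_hsts and the sample values are assumptions made for illustration.

```python
# Added example: validate a Strict-Transport-Security header value.
# parse_hsts() and check_hsts() are illustrative names, not a library API.
ONE_YEAR = 31536000  # same max-age as the .htaccess line above

def parse_hsts(value):
    """Parse directives per RFC 6797: ';'-separated, names case-insensitive."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in directives:  # a directive may appear only once
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"')  # value may be quoted
    return directives

def check_hsts(value, scheme="https"):
    """Return a list of problems; an empty list means preload-ready."""
    if scheme != "https":
        # This is why the .htaccess line carries env=HTTPS.
        return ["browsers ignore HSTS sent over plain HTTP"]
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    max_age = d.get("max-age", "")
    if not max_age.isdecimal():
        problems.append("max-age missing or not a number")
    elif int(max_age) == 0:
        problems.append("max-age=0 tells browsers to forget the policy")
    elif int(max_age) < ONE_YEAR:
        problems.append("max-age below one year (31536000)")
    if "includesubdomains" not in d:
        problems.append("includeSubDomains missing")
    if "preload" not in d:
        problems.append("preload missing")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not captured from a real server.
    for sample in ('max-age=31536000; includeSubDomains; preload',
                   'max-age=300; includeSubDomains',
                   'max-age=0'):
        print(sample, "->", check_hsts(sample) or "OK")
```

Because includeSubDomains and preload apply the policy to every subdomain for the full max-age, confirm that each subdomain already serves HTTPS before deploying the header.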

Website Security Service

As part of our Web Security Service we can secure your website with other web security measures including enabling HSTS.

More Information (External Links)

Test your SSL Certificate

Qualys SSL Server Test (external link)

Now with HSTS enabled, Qualys have given this website an A+

Chrome’s HTTP Strict Transport Security (HSTS) preload list

This form is used to submit domains for inclusion in Chrome’s HTTP Strict Transport Security (HSTS) preload list. This is a list of sites that are hardcoded into Chrome as being HTTPS only.

Chrome’s HSTS Preload List

If you would like to enable HSTS on your website or want the full Website Security Service, then please Contact Us Now and we will set it up for you for peace of mind.