How to activate HSTS for your domain

What is HSTS?

HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should interact with it using only secure HTTPS connections, and never via the insecure HTTP protocol.

What is required?

In order for HSTS to function, you must have:

an SSL/TLS certificate (included and pre-installed for free by default for all xneelo domains)
a forced redirect to HTTPS setup on the domain.

How to activate

HSTS can be set up on a domain by adding the following code to the .htaccess file of the domain:

Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

Search for a domain

Transfer a domain

Web Hosting

Managed WordPress Hosting

Volume Plan

Managed Servers

Self-Managed Servers

Colocation

Recent Insights

Advice

News

Product Updates

Customer Stories

Guides

Contact us

Help Centre

Network Status

Introducing the xneelo Control Panel

How to activate HSTS for your domain

What is HSTS?

What is required?

How to activate

Feedback

Was this article helpful?

Expert advice & more, straight to your inbox.

Products

Company

Assist

Legal

Thanks for watching our video!

Email-this-article form

How to activate HSTS for your domain

What is HSTS?

What is required?

How to activate

Feedback

Was this article helpful?

Related Posts:

Expert advice & more, straight to your inbox.

Social Media

Products

Company

Assist

Legal