Can anybody tell me how to enable HSTS in Apache server? What are the security features of enabling this?
HSTS is an HTTP header telling the client that a certain domain/subdomain should always be accessed over the HTTPS protocol.
In your httpd.conf goes:
# Optionally load the headers module:
LoadModule headers_module modules/mod_headers.so
<VirtualHost 67.89.123.45:443>
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
</VirtualHost>
(Taken from this article.)
I would suggest starting with a small max-age, so your site will work again in a few moments in case you screw up.
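An added example, not part of the original answer: a small Python check that parses a Strict-Transport-Security value under the RFC 6797 section 6.1 syntax rules, so you can confirm what the config above sends is a policy a client will accept. The function names are hypothetical, and every sample value other than the answer's own header is constructed.

```python
import re

# RFC 6797 section 6.1: directive = token [ "=" ( token | quoted-string ) ]
_TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
_DIRECTIVE = re.compile(r'^(%s)(?:\s*=\s*("[^"]*"|%s))?$' % (_TOKEN, _TOKEN))


def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797 section 6.1.

    Returns {"max_age": int, "include_subdomains": bool}, or None when the
    value is malformed and a conforming client would ignore the header.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:               # empty directive, e.g. after a trailing ";"
            continue
        m = _DIRECTIVE.match(part)
        if not m:
            return None
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in seen:           # each directive may appear only once
            return None
        seen[name] = (m.group(2) or "").strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                # max-age is required and must be digits
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}


def policy_applies(policy, scheme):
    """The header only counts on HTTPS responses; max-age=0 clears the policy."""
    return policy is not None and scheme == "https" and policy["max_age"] > 0


if __name__ == "__main__":
    # First value is the header from the answer's config; the rest are constructed.
    for sample in ["max-age=63072000; includeSubdomains;",
                   "max-age=300",
                   "includeSubDomains",
                   "max-age=300; max-age=600"]:
        print(repr(sample), "->", parse_hsts(sample))
```

Feed it the value from a `curl -sI https://your-host/` response to confirm the policy before raising max-age from a small test value.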