Tiempo estimado de lectura: 1 minutos

How can I activate HSTS?

The HTTP Strict-Transport-Security (often abbreviated as HSTS) response header allows a website to tell browsers that it can only be accessed using HTTPS, rather than HTTP.

You can enable it by adding the following to your .htaccess file

Header set Strict-Transport-Security “max-age=5184000; includeSubDomains; preload”

The “max-age” is the time in days you want the notice to be cached, the above would default to 60 days.

Note that if you set this header, the site will only load over HTTPS.

For example, while people can normally click through a browser warning about a name mismatch or expired certificate, browsers don’t allow that click through for hostnames with an active HSTS header. It also means that if they ever move the site to a web hosting provider that does not support HSTS or if they wish to remove the certificate, they will not be able to do so and their site will be unavailable.

¿Te ha sido util esta lección? Vota para poder enviarnos tu Feedback
No me gusta 0 0 de 0 han encontrado esta lección util.
Vistas: 10

Still have doubts?

We don't, we want to help you

Contact Us

2022 ©️ WAOPRESS. ALL RIGHTS RESERVED. PRIVACY | LEGAL NOTICE | COOKIE POLICIES | HOLA@WAOPRESS.COM