How can I add hsts header with .htaccess?
Before add hsts header with htaccess,
First, you must activate rewrite module.
First, you must activate rewrite module.
Ctrl+v this code in terminal.
sudo a2enmod rewrite
If you finished the rewrite activating, You can use htaccess in apache.
Let's add hsts header in apache with htaccess!
Header set Strict-Transport-Security "max-age=63072000; includeSubDomains ; preload"
Write in htaccess.
max-age=63072000 is the time hsts actives.
--------------------------------------------------------------------------
- Examine all subdomains (and nested subdomains) of your site and make sure that they work properly over HTTPS.
- Add the
Strict-Transport-Security
header to all HTTPS responses and ramp up themax-age
in stages, using the following header values:-
5 minutes:
max-age=300; includeSubDomains
-
1 week:
max-age=604800; includeSubDomains
-
1 month:
max-age=2592000; includeSubDomains
max-age
of the stage before you move on. For example, wait a month in the last stage. -
5 minutes:
- Once you're confident that there will be no more issues, increase the
max-age
to 2 years and submit your site to the preload list:-
2 years, requesting to be preloaded:
max-age=63072000; includeSubDomains; preload
this explanation is hstspreload.org's explaination.
-
2 years, requesting to be preloaded:
-------------------------------------------------------------------------
includeSubDomains means include subdomain(like *.magsty.net)
includeSubDomains means include subdomain(like *.magsty.net)
preload supports browsers uses that sites in hstspreload.(Chrome, Firefox, Opera, Safari, IE 11 and Edge)
like this, this configuration works well.
Thanks for watching and write the commet to rewrite request or question
0 Comments