How can I add hsts header in apache with htaccess?


How can I add hsts header with .htaccess?

Before add hsts header with htaccess,
First, you must activate rewrite module.



First, you must activate rewrite module.
Ctrl+v this code in terminal.
sudo a2enmod rewrite

If you finished the rewrite activating, You can use htaccess in apache.

Let's add hsts header in apache with htaccess!
Header set Strict-Transport-Security "max-age=63072000; includeSubDomains ; preload"
 Write in htaccess.
max-age=63072000 is the time hsts actives.
--------------------------------------------------------------------------
  1. Examine all subdomains (and nested subdomains) of your site and make sure that they work properly over HTTPS.
  2. Add the Strict-Transport-Security header to all HTTPS responses and ramp up the max-age in stages, using the following header values:
    • 5 minutes:
      max-age=300; includeSubDomains
    • 1 week:
      max-age=604800; includeSubDomains
    • 1 month:
      max-age=2592000; includeSubDomains
    During each stage, check for broken pages and monitor your site's metrics (e.g. traffic, revenue). Fix any problems that come up and then wait the full max-age of the stage before you move on. For example, wait a month in the last stage.
  3. Once you're confident that there will be no more issues, increase the max-age to 2 years and submit your site to the preload list:
    • 2 years, requesting to be preloaded:
      max-age=63072000; includeSubDomains; preload
    this explanation is hstspreload.org's explaination.
-------------------------------------------------------------------------
includeSubDomains means include subdomain(like *.magsty.net)

preload supports browsers uses that sites in hstspreload.(Chrome, Firefox, Opera, Safari, IE 11 and Edge)

like this, this configuration works well.


Thanks for watching and write the commet to rewrite request or question

Post a Comment

0 Comments