HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.
It allows a web server to declare that web browsers (or other complying user agents) should interact with it only over HTTPS connections, which are protected by Transport Layer Security (TLS/SSL), unlike plain, insecure HTTP. HSTS is an IETF standards track protocol and is specified in RFC 6797.
How to force SSL protocol on your website
You can activate HSTS or force https:// using the SSL certificate already installed on your website. Please make sure that you have a valid SSL certificate. If you don't, we offer free unlimited Lifetime SSLs with free installation!
HSTS activation via .htaccess file
Find the .htaccess file inside the public_html folder. If you don't see it, enable "show hidden files" in cPanel File Manager. If you use a regular FTP client like FileZilla, the file will be visible inside the public_html folder. Add the following lines to .htaccess:
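# Turn on the rewrite engine
RewriteEngine On
# Redirect any request that did not arrive on the HTTPS port (443) to https://
RewriteCond %{SERVER_PORT} !^443$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
# Send the HSTS header (one year) on HTTPS responses only; requires mod_headers
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS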
Then save the .htaccess file. Test your website by going to http://yoursitehere. It should instantly redirect to the secured Apache port, that is, to https://
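The test step above can also be checked in code. The following is an added example, not part of the original article: it parses a Strict-Transport-Security value using the rules in RFC 6797 section 6.1 and audits one plain-HTTP and one HTTPS response. The function names, the example.test host and the sample responses are constructed for illustration, and the default threshold is assumed to be the max-age configured above.

```python
import re

# Directive grammar per RFC 6797 section 6.1: name [ "=" ( token | quoted-string ) ]
_DIRECTIVE = re.compile(r'([!#$%&\'*+.^_`|~0-9A-Za-z-]+)(?:\s*=\s*("[^"]*"|[^\s;"]+))?')


def parse_hsts(value):
    """Return {'max_age', 'include_subdomains'} or None if a browser would ignore it."""
    seen = {}
    for part in value.split(";"):  # simplification: no ';' inside quoted values
        part = part.strip()
        if not part:
            continue  # empty directives are permitted
        m = _DIRECTIVE.fullmatch(part)
        if m is None:
            return None
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in seen:
            return None  # a directive may appear only once
        seen[name] = (m.group(2) or "").strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None  # max-age is required and must be a non-negative integer
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}


def audit(http_resp, https_resp, min_age=31536000):
    """Check a (status, headers) pair for each scheme; return a list of problems."""
    problems = []
    status, headers = http_resp
    location = headers.get("location", "")
    if status not in (301, 302, 307, 308) or not location.lower().startswith("https://"):
        problems.append("plain HTTP does not redirect to https://")
    policy = parse_hsts(https_resp[1].get("strict-transport-security", ""))
    if policy is None:
        problems.append("HTTPS response has no valid Strict-Transport-Security header")
    elif policy["max_age"] < min_age:
        problems.append("max-age %d is below %d" % (policy["max_age"], min_age))
    return problems


# Constructed responses modelling what the .htaccess rules above should produce.
# example.test is a placeholder host; header names are lower-cased by the caller.
HTTP_OK = (302, {"location": "https://example.test/"})
HTTPS_OK = (200, {"strict-transport-security": "max-age=31536000"})
HTTPS_BAD = (200, {"strict-transport-security": "max-age=31536000; max-age=0"})

if __name__ == "__main__":
    print(audit(HTTP_OK, HTTPS_OK))
    print(audit(HTTP_OK, HTTPS_BAD))
```

An empty list from audit means both checks passed. The HTTPS_BAD sample shows a duplicated max-age directive, which makes the whole header invalid.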
If you need any assistance with HSTS activation or SSL installation, please don't hesitate to contact us at any time!