How do you enable HSTS on a website using Apache with .htaccess? Print

  • 2

To enable HTTP Strict Transport Security (HSTS) on an Apache server using a .htaccess file, you will need to add the Strict-Transport-Security header. Here's how to do it:

  1. Open the .htaccess file in the root directory of your website. If it doesn't exist, you can create one.

  2. Add the following lines to your .htaccess file:

<IfModule mod_headers.c>
    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>

The max-age=31536000 directive tells the browser to request this site over HTTPS for the next year (the time is in seconds). The includeSubDomains directive applies this rule to all of the site's subdomains as well.

Please note that enabling HSTS will instruct browsers to only access your site via HTTPS. This will continue even if you remove the HSTS header from your .htaccess file. Therefore, ensure your site is properly configured for HTTPS before enabling HSTS.


Was this answer helpful?

« Back