HTTP Strict Transport Security (HSTS) is a web security policy which helps to protect websites against hijacking or Man-in-the-Middle (MitM) attacks. It allows web servers to declare that web browsers to only interact with your website using secure HTTPS connections, and never via the insecure HTTP protocol.


Make sure 100% of all links have been redirected and that any CMS (eg WordPress) have been properly configured before adding the HSTS header as you can’t roll the change back.


  1. Log into your Plesk or Conetix Control Panel.
  2. Confirm you have met all the prerequisites by going to the hosting settings and confirming to following:
    • SSL/TLS support under security is ticked
    • Permanent SEO-safe 301 redirect from HTTP to HTTPS  is ticked
    • A valid certificate is selected 
  3. Select SSL/TLS Certificates:
    plesk onyx - enable hsts for a domain
  4. Enable HSTS via the slider:
    plesk onyx - enable hsts for a domain
  5. This will then ask if you wish to enable for all subdomains and the expiry time. We recommend double checking before enabling for all subdomains and leaving it set at the default 6 months.
    plesk onyx - enable hsts for a domain
  6. Click Enable HSTS to save.
  7. Test your site to ensure it’s working as expected.
Was this article helpful?

Related Articles