Overview
HTTP Strict Transport Security (HSTS) is a web security policy which helps to protect websites against hijacking and Man-in-the-Middle (MitM) attacks. It allows a web server to declare that web browsers should only interact with the website using secure HTTPS connections, and never via the insecure HTTP protocol.
Instructions
- Log into your Plesk or Conetix Control Panel.
- Confirm you have met all the prerequisites by going to the hosting settings and confirming the following:
- SSL/TLS support under security is ticked
- Permanent SEO-safe 301 redirect from HTTP to HTTPS is ticked
- A valid certificate is selected
- Select SSL/TLS Certificates.
- Enable HSTS via the slider.
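- You will then be asked whether to enable HSTS for all subdomains and what expiry time to use. We recommend double-checking before enabling it for all subdomains, because browsers will then refuse plain HTTP on every subdomain until the policy expires, and leaving the expiry time set at the default 6 months.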
- Click Enable HSTS to save.
- Test your site to ensure it’s working as expected.
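
One way to carry out the final test step, as an added example rather than part of the original instructions: a Python check that the HTTP response redirects to HTTPS with a 301 and that the HTTPS response carries a well-formed Strict-Transport-Security header. The function names, example.com and the sample header values are constructed for illustration; supply the status and headers captured from your own site.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: argument or None}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are permitted and ignored
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"') or None
    if not re.fullmatch(r"[0-9]+", directives.get("max-age") or ""):
        raise ValueError("max-age is required and must be a whole number of seconds")
    return directives

def check_site(http_resp, https_resp):
    """Return a list of problems. Each response is (status, headers with lowercase keys)."""
    problems = []
    status, headers = http_resp
    # Prerequisite from the hosting settings: permanent 301 redirect from HTTP to HTTPS.
    if status != 301 or not headers.get("location", "").lower().startswith("https://"):
        problems.append("HTTP does not 301-redirect to HTTPS")
    raw = https_resp[1].get("strict-transport-security")
    if raw is None:
        return problems + ["HTTPS response has no Strict-Transport-Security header"]
    try:
        policy = parse_hsts(raw)
    except ValueError as exc:
        return problems + [f"invalid HSTS header: {exc}"]
    if int(policy["max-age"]) == 0:
        problems.append("max-age=0 tells browsers to drop the policy")
    return problems

# Constructed sample responses; example.com and the header values are placeholders.
SAMPLE_HTTP = (301, {"location": "https://example.com/"})
SAMPLE_HTTPS = (200, {"strict-transport-security": "max-age=15768000; includeSubDomains"})

if __name__ == "__main__":
    print(check_site(SAMPLE_HTTP, SAMPLE_HTTPS) or "OK")
    policy = parse_hsts(SAMPLE_HTTPS[1]["strict-transport-security"])
    print("covers subdomains:", "includesubdomains" in policy)
```

An empty list from `check_site` means both the redirect prerequisite and the HSTS header look correct; the presence of `includesubdomains` in the parsed policy shows whether the all-subdomains option took effect.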