HTTP Strict Transport Security (HSTS) is a web security policy which helps to protect websites against hijacking or Man-in-the-Middle (MitM) attacks. It allows web servers to declare that web browsers to only interact with your website using secure HTTPS connections, and never via the insecure HTTP protocol.
- Log into your Plesk or Conetix Control Panel.
- Confirm you have met all the prerequisites by going to the hosting settings and confirming to following:
- SSL/TLS support under security is ticked
- Permanent SEO-safe 301 redirect from HTTP to HTTPS is ticked
- A valid certificate is selected
- Navigate to 'Apache & nginx Settings':
- Enter the code following code into the Additional nginx directives:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
Then click Ok.
- You have now successfully added HSTS to your site, with an expiry of 365 days.