HTTP Strict Transport Security (HSTS) is a web security policy which helps to protect websites against hijacking or Man-in-the-Middle (MitM) attacks. It allows web servers to declare that web browsers should only interact with your website using secure HTTPS connections, and never via the insecure HTTP protocol.

Note: Make sure 100% of all links have been redirected and that any CMS (e.g. WordPress) has been properly configured before adding the HSTS header, as you can’t roll the change back.


  1. Log into your Plesk or Conetix Control Panel.
  2. Confirm you have met all the prerequisites by going to the hosting settings and confirming the following:
    1. SSL/TLS support under security is ticked
    2. Permanent SEO-safe 301 redirect from HTTP to HTTPS is ticked
    3. A valid certificate is selected
  3. Navigate to ‘Apache & nginx Settings’.
  4. Enter the following code into the Additional nginx directives:

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    Then click Ok.

  5. You have now successfully added HSTS to your site, with an expiry of 365 days.
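
To confirm the header from step 4 is actually being served as intended, the check below parses a `Strict-Transport-Security` value following the RFC 6797 syntax and compares it with the policy configured above. It is an added example, not part of the original article or of Plesk; the function names and the sample responses are constructed for illustration.

```python
# Added example: parse a Strict-Transport-Security header value per RFC 6797
# and compare it with the policy configured in this article.
import re

EXPECTED_MAX_AGE = 31536000  # 365 days, the value used in the nginx directive


def parse_hsts(value):
    """Return (max_age, include_subdomains, preload) or raise ValueError."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # RFC 6797 allows empty directives (stray ';')
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen[name] = arg.strip().strip('"')  # value may be a quoted-string
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        raise ValueError("max-age missing or not an integer")
    return int(seen["max-age"]), "includesubdomains" in seen, "preload" in seen


def check_response(scheme, headers):
    """List problems for one response; headers is a list of (name, value)."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        # Browsers ignore HSTS received over plain HTTP.
        return [] if not values else ["HSTS sent over HTTP is ignored by browsers"]
    if len(values) != 1:
        return [f"expected exactly one HSTS header, found {len(values)}"]
    try:
        max_age, subdomains, _ = parse_hsts(values[0])
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if max_age < EXPECTED_MAX_AGE:
        problems.append(f"max-age {max_age} is below {EXPECTED_MAX_AGE}")
    if not subdomains:
        problems.append("includeSubDomains missing")
    return problems


# Constructed sample responses (not captured from a real server).
GOOD = [("Server", "nginx"),
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]
DUPLICATED = GOOD + [("strict-transport-security", "max-age=0")]
```

Feed `check_response` the headers returned by `curl -sI` against your own HTTPS URL; a duplicated header usually means the CMS or a plugin is also setting HSTS alongside nginx.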
