{"id":14333,"date":"2022-09-06T08:18:28","date_gmt":"2022-09-06T07:18:28","guid":{"rendered":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/?p=14333"},"modified":"2022-09-06T08:24:30","modified_gmt":"2022-09-06T07:24:30","slug":"what-is-hsts-http-strict-transport-security","status":"publish","type":"post","link":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/","title":{"rendered":"What Is HSTS? (HTTP Strict Transport Security)"},"content":{"rendered":"\n<p>Ensuring the security of your website is highly important, especially when it comes to keeping it away from threats and hackers. There are different ways through which you can secure your website. The first common way is through an SSL certificate.&nbsp;<\/p>\n\n\n\n<p>If your website runs over HTTPS, then one of the security enhancements which is recommended is the HSTS security header.&nbsp;<\/p>\n\n\n\n<p>In this guide, we\u2019ll get to know all about the HSTS.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About HSTS (HTTP Strict Transport Security)<\/h2>\n\n\n\n<p>HSTS basically stands for HTTP Strict Transport Security. It is basically a response header that forces the browser to use secure connections when a site is running over HTTPS. The Strict Transport Security response header directs the browsers to use HTTPS to access a website and avoid using HTTP for any connection.<\/p>\n\n\n\n<p>It is a security header wherein you add to your web server and is reflected in the response header as Strict Transport Security.&nbsp;<\/p>\n\n\n\n<p>By avoiding redirections from HTTP to HTTPS, HSTS reduces the chances of man-in-the-middle-attacks. Even if a visitor is trying to access a website over HTTP, HSTS commands the browser to use HTTPS for interaction.<\/p>\n\n\n\n<p>Also, HSTS is important as it resolves the following issues:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>If there is any attempt by a visitor to use the unsecured version (HTTP:\/\/) of a page on your website will be forwarded automatically to the secure version (HTTPS:\/\/)<\/li><li>It does not allow for the overriding of the invalid message certificate which in turn protects the visitor.\u00a0<\/li><\/ul>\n\n\n\n<p><strong>Related: <a href=\"https:\/\/www.milesweb.co.uk\/blog\/hosting\/significance-of-web-hosting-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">Significance Of Web Hosting Security<\/a><\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Benefits of HSTS:<\/h3>\n\n\n\n<p>There are a lot of benefits of having HSTS. They are as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Reduces the risk of information getting unencrypted.&nbsp;<\/li><li>Improves the data integrity.&nbsp;<\/li><li>Helps to prevent man-in-the-middle attacks (MitM) and cookie hijacking. This is because your website\u2019s encryption certificate is validated by the end user&#8217;s browser.&nbsp;<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Knowing About the HSTS Preload List:<\/h3>\n\n\n\n<p>The HSTS preload list is an initiative by the two names, Mozilla Firefox and Google Chrome, to solve the issue of untrusted visits of users.&nbsp;<\/p>\n\n\n\n<p>The benefit of the preload list is that your web browser already has the HSTS header before connecting to the website for the very first time. It\u2019s easy to get added to the list of HSTS preloaded list. It\u2019s only a single line of code (that includes the word \u201cpreload\u201d) that goes beside the HSTS header.<\/p>\n\n\n\n<p>After this is added, go to Google\u2019s sign-up page and add yourself to the list. The HSTS preload list is updated each time a new version of the browser is released.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">HSTS Supports Which Browsers?<\/h3>\n\n\n\n<p>HSTS supports the below browsers:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Google Chrome version since version 4.0.211.0<\/li><li>Opera since version 12<\/li><li>Firefox since version 4, Firefox 17. Mozilla integrates with a list of websites supporting HSTS<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to Enable HSTS in Apache?<\/h3>\n\n\n\n<p>This is how you can enable HSTS in Apache:<\/p>\n\n\n\n<p>First, to enable HSTS, you need to enable the&nbsp;<strong><em>mod_headers.&nbsp;<\/em><\/strong>Run the command:&nbsp;<\/p>\n\n\n\n<p><strong><em>a2enmod headers<\/em><\/strong><\/p>\n\n\n\n<p>In the configuration of your Apache site, add the following command inside every Virtual Host. Also, look for&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">&lt;VirtualHost *:443&gt;\nHeader always set Strict-Transport-Security \u201cmax-age=15552000; includeSubdomains\u201d<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">How to Enable HSTS in Ngnix?<\/h3>\n\n\n\n<p>In your Ngnix site configuration, add the following to each SSL server block:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">add_header Strict-Transport-Security \u201cmax-age=15552000; includeSubDomains\u201d<\/pre>\n\n\n\n<p>And that\u2019s all about HSTS!<\/p>\n\n\n\n<p><strong>Conclusion&nbsp;<\/strong><\/p>\n\n\n\n<p>It\u2019s recommended to set up HSTS on your website. It keeps both your customer&#8217;s data and your own security. Also helps to rank better on search engines.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ensuring the security of your website is highly important, especially when it comes to keeping it away from threats and hackers. There are different ways through which you can secure your website. The first common way is through an SSL certificate.&nbsp; If your website runs over HTTPS, then one of the security enhancements which is [&hellip;]<\/p>\n","protected":false},"author":34,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[2927,2928],"class_list":["post-14333","post","type-post","status-publish","format-standard","placeholder-for-hentry","category-ssl-issues-faq","tag-hsts","tag-http-strict-transport-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What Is HSTS? (HTTP Strict Transport Security) | MilesWeb<\/title>\n<meta name=\"description\" content=\"HSTS helps to keep your website secure against man-in-the-middle attacks and cookie hijacking. In this guide, we\u2019ll get to know more about HSTS, benefits, pre-load list and more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Is HSTS? (HTTP Strict Transport Security) | MilesWeb\" \/>\n<meta property=\"og:description\" content=\"HSTS helps to keep your website secure against man-in-the-middle attacks and cookie hijacking. In this guide, we\u2019ll get to know more about HSTS, benefits, pre-load list and more.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Web Hosting FAQs by MilesWeb\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-06T07:18:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-06T07:24:30+00:00\" \/>\n<meta name=\"author\" content=\"Nehal Khatri\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nehal Khatri\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/\",\"url\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/\",\"name\":\"What Is HSTS? (HTTP Strict Transport Security) | MilesWeb\",\"isPartOf\":{\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website\"},\"datePublished\":\"2022-09-06T07:18:28+00:00\",\"dateModified\":\"2022-09-06T07:24:30+00:00\",\"author\":{\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/0241ea191f60975839d956b6952e0a1d\"},\"description\":\"HSTS helps to keep your website secure against man-in-the-middle attacks and cookie hijacking. In this guide, we\u2019ll get to know more about HSTS, benefits, pre-load list and more.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is HSTS? (HTTP Strict Transport Security)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website\",\"url\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/\",\"name\":\"Web Hosting FAQs by MilesWeb\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/0241ea191f60975839d956b6952e0a1d\",\"name\":\"Nehal Khatri\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/736396ef8d8bdecec53ce8851058903e?s=96&d=blank&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/736396ef8d8bdecec53ce8851058903e?s=96&d=blank&r=g\",\"caption\":\"Nehal Khatri\"},\"description\":\"Nehal is an ardent content writer. She's passionate about crafting content that's simple but adds value. Her insatiable interest in writing has allowed her to explore her skills. She is adept and can write for different types of content formats.\",\"url\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/author\/nehal-khatri\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Is HSTS? (HTTP Strict Transport Security) | MilesWeb","description":"HSTS helps to keep your website secure against man-in-the-middle attacks and cookie hijacking. In this guide, we\u2019ll get to know more about HSTS, benefits, pre-load list and more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/","og_locale":"en_GB","og_type":"article","og_title":"What Is HSTS? (HTTP Strict Transport Security) | MilesWeb","og_description":"HSTS helps to keep your website secure against man-in-the-middle attacks and cookie hijacking. In this guide, we\u2019ll get to know more about HSTS, benefits, pre-load list and more.","og_url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/","og_site_name":"Web Hosting FAQs by MilesWeb","article_published_time":"2022-09-06T07:18:28+00:00","article_modified_time":"2022-09-06T07:24:30+00:00","author":"Nehal Khatri","twitter_misc":{"Written by":"Nehal Khatri","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/","url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/","name":"What Is HSTS? (HTTP Strict Transport Security) | MilesWeb","isPartOf":{"@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website"},"datePublished":"2022-09-06T07:18:28+00:00","dateModified":"2022-09-06T07:24:30+00:00","author":{"@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/0241ea191f60975839d956b6952e0a1d"},"description":"HSTS helps to keep your website secure against man-in-the-middle attacks and cookie hijacking. In this guide, we\u2019ll get to know more about HSTS, benefits, pre-load list and more.","breadcrumb":{"@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/what-is-hsts-http-strict-transport-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/"},{"@type":"ListItem","position":2,"name":"What Is HSTS? (HTTP Strict Transport Security)"}]},{"@type":"WebSite","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website","url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/","name":"Web Hosting FAQs by MilesWeb","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/0241ea191f60975839d956b6952e0a1d","name":"Nehal Khatri","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/736396ef8d8bdecec53ce8851058903e?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/736396ef8d8bdecec53ce8851058903e?s=96&d=blank&r=g","caption":"Nehal Khatri"},"description":"Nehal is an ardent content writer. She's passionate about crafting content that's simple but adds value. Her insatiable interest in writing has allowed her to explore her skills. She is adept and can write for different types of content formats.","url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/author\/nehal-khatri\/"}]}},"views":153,"_links":{"self":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts\/14333","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/users\/34"}],"replies":[{"embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/comments?post=14333"}],"version-history":[{"count":2,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts\/14333\/revisions"}],"predecessor-version":[{"id":14336,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts\/14333\/revisions\/14336"}],"wp:attachment":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/media?parent=14333"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/categories?post=14333"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/tags?post=14333"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}