How do you enable HTTP Strict Transport Security (HSTS)?
HTTP Strict Transport Security (HSTS) informs all user agents that they should only communicate with the web server using HTTPS. This can be used to prevent some attacks that downgrade connections from HTTPS to HTTP. All our servers support the ability to enable HSTS on either your entire account or just an individual domain. You can do this by adding the following to your domains .htaccess file:
Header always set Strict-Transport-Security "max-age=31536000" Header always set Strict-Transport-Security "max-age=31536000"
This header tells the client that interactions with the configured sites should always use HTTPS for one year (31536000 seconds).
Was this answer helpful?