🌼 Spring Sale — Up to 60% discount for hosting and domains
Frequently Asked QuestionsDev

What is HSTS and how can it be activated?

HSTS (HTTP Strict Transport Security) protects websites from attacks by enforcing HTTPS connections. Find out how to enable it and secure your domain!

1
Views 1026Updated 1 anPublished on 12/09/2018by Damian Enache

HSTS (HTTP Strict Transport Security) is a web security mechanism that helps protect websites against "downgrade protocol" and "cookie hijacking" attacks. By using HSTS, the web server informs web browsers that on sites where this mechanism is enabled, the connection must occur only through HTTPS and never through HTTP, with requests made via HTTP being ignored.

Because when a web client first connects to a site, it does not yet know whether the connection will occur via HTTP or HTTPS and waits for instructions from the web server, there is still the possibility of interception of communications. To eliminate this risk, after activating HSTS, the domain can be included in the "preload" list. Thus, the domain name will be entered in the web browser as operating only on HTTPS.

Attention: After being added to the "pre-loading" list, the website will no longer function on HTTP, but only on HTTPS.

More details regarding the "preloading" lists and adding or removing a domain from these lists can be read by visiting: https://hstspreload.org/.

Example of HSTS implementation in the .htaccess file of the Apache web server:

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Similar Articles

How can I redirect a domain from HTTP to HTTPS?Frequently Asked Questions /Dev

The steps presented in this article describe the procedure by which you can redirect a domain from the HTTP version to HTTPS

18
by Cătălin Adrian
Views 3081
Updated 4 years ago
Published on 07/07/2018
Why isn't my website working?Frequently Asked Questions /Random

Find out the main reasons why your website is not functioning correctly and how to quickly resolve these issues.

2
by Mark Dohi
Views 415
Published on 02/07/2025
How can I access phpMyAdmin without entering the Webuzo panel?Frequently Asked Questions /Dev

Find out how you can access phpMyAdmin directly via a link, without entering Webuzo, using the domain address or IP and the corresponding ports.

by Cătălin Adrian
Views 618
Updated 10 months ago
Published on 11/10/2018
Do you offer HTTP 2?Frequently Asked Questions /Dev

HTTP/2 is available on Personal, Business, Reseller, and VPS hosting packages with cPanel/WHM, requiring HTTPS to take advantage of its benefits.

by Sebastian Szlivka
Views 554
Updated 1 year ago
Published on 25/08/2018
The analysis sites GTmetrix and PageSpeed recommend that I set up leverage-browser-caching. How can I do this?Frequently Asked Questions /Dev

Improve your website speed by setting leverage browser caching in the .htaccess file for Apache servers, using expiration rules for images, video, and static files.

by Sebastian Szlivka
Views 537
Updated 6 years ago
Published on 09/02/2019