+2 votes
in Web & Google by (63.0k points)
How can I enable HTTP Strict Transport Security (HSTS) on my website by modifying .htaccess file? I am using Apache web server.

1 Answer

+1 vote
by (271k points)
selected by
Best answer

Edit your .htaccess file to add the following line:

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

 The above line will enable HTTP Strict Transport Security (HSTS) on your website. This will tell browsers to load your website & its subdomains using HTTPS. Here I have set the max-age to 365 days. You can change the value as per your wish.

If you stop using HTTPS on your website, browsers will give error whenever a user will try to access your website. So, make sure you continue supporting HTTPS on your website after enabling HSTS..