
How do I configure HTTP Strict Transport Security properly?

Asked on Sep 20, 2025

Answer

To configure HTTP Strict Transport Security (HSTS) properly, you need to set the `Strict-Transport-Security` header in your web server's response to enforce secure (HTTPS) connections.
```http
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
```
Additional Comment:
  • max-age=31536000 sets the duration (in seconds) that the browser should remember that a site is only to be accessed using HTTPS. 31536000 seconds is equivalent to one year.
  • includeSubDomains ensures that the rule applies to all subdomains as well, enhancing security across your entire domain.
  • preload is optional and indicates to browsers that your site should be included in the HSTS preload list, which requires submission to a browser-maintained list.
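The following is an added example (not part of the original answer) that checks a `Strict-Transport-Security` header value against the three points above: a one-year `max-age`, `includeSubDomains`, and `preload`. The sample header strings in it are constructed for illustration, and the directive parsing follows RFC 6797 (names are case-insensitive, no directive may repeat).

```python
"""Check Strict-Transport-Security header values against the policy
described above (one-year max-age, includeSubDomains, preload).
Added example, not part of the original answer; the sample header
strings at the bottom are constructed, not captured from a real site."""

ONE_YEAR = 31536000  # seconds, the max-age value used in the answer


def parse_hsts(value):
    """Split an HSTS header value into {directive: argument-or-None}.
    Directive names are case-insensitive (RFC 6797) and a directive
    appearing twice makes the header invalid, so duplicates raise."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"') if arg else None
    return directives


def check_hsts(value):
    """Return a list of findings; an empty list means the header meets the
    policy above (max-age >= one year, includeSubDomains, preload)."""
    try:
        d = parse_hsts(value)
    except ValueError as e:
        return [str(e)]
    findings = []
    if "max-age" not in d:
        findings.append("missing max-age (header is ignored by browsers)")
    else:
        raw = d["max-age"]
        if raw is None or not raw.isdigit():
            findings.append(f"max-age is not a non-negative integer: {raw!r}")
        elif int(raw) == 0:
            findings.append("max-age=0 clears the policy rather than enforcing it")
        elif int(raw) < ONE_YEAR:
            findings.append(f"max-age {raw} is below one year ({ONE_YEAR})")
    if "includesubdomains" not in d:
        findings.append("missing includeSubDomains")
    if "preload" not in d:
        findings.append("missing preload directive")
    return findings


if __name__ == "__main__":
    # Constructed sample values: the recommended header, a weak one, a reset.
    for hdr in ["max-age=31536000; includeSubDomains; preload",
                "max-age=86400; includeSubDomains",
                "max-age=0"]:
        print(f"{hdr!r}: {check_hsts(hdr) or 'OK'}")
```

Run it against the value your own server actually returns (for example from `curl -sI https://example.com`) to confirm the deployed header matches the intended policy before submitting to the preload list.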

