Putting hsts headers in apache using htaccess or httpd.conf

Question

I have purchased a ssl certificate recently and have redirected all my traffic on secured https way but i want to get included in hsts preload list. For that reason i want to include hsts header. Is there any way using .htaccess or httpd.conf or if there is another way then please tell me in detail

score 2 · Answer 1 · answered Oct 29 '21 at 11:22

you can set the hsts header in a .htaccess file:

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

@see How to set HSTS header from .htaccess only on HTTPS for more information

or with php:

header('Strict-Transport-Security: max-age=63072000; includeSubdomains; preload');

score 0 · Answer 2 · answered Sep 19 '15 at 11:11

Also you can put HSTS header on application side, I mean PHP. Add following code top of your header.php or index.php

<?php header("strict-transport-security: max-age=600");

People who uses shared hosting does not have an access to apache.conf. So proper way to do this is putting it on apache.conf.

Putting hsts headers in apache using htaccess or httpd.conf

2 Answers2