How to activate HSTS (HTTP Strict Transport Security) on your website
HTTP Strict Transport Security on your website: how to force SSL
NYhost.net Support
Last Update 3 jaar geleden
HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike the insecure HTTP used alone. HSTS is an IETF standards track protocol and is specified in RFC 6797.
How to force SSL protocol on your website
You can activate HSTS or force https:// via existing SSL already installed on your website. Please make sure that you have valid SSL. If you don't, we offer free unlimited Lifetime SSLs with free installation!
HSTS activation via .htaccess file
Please find .htaccess file inside public_html folder. If you don't see it, please enable "show hidden files" inside cPanel File Manager. If you use regular FTP like Filezilla, file will be visible inside public_html folder. Please add following lines inside .htaccess:
Then save .htaccess file. Test your website by going to http://. It will instantly redirect to secured Apache port or https://
If you need any assistance with HSTS activation or SSL installation, please don't hesitate to contact us at any time!