How to manage HTTP Strict Transport Security (HSTS) for your site

This article discusses HTTP Strict Transport Security (HSTS) and how to manage it for your site.

About HSTS

HTTP Strict Transport Security (HSTS) instructs web browsers to only use secure connections (https://) for all future requests when communicating with a web site. Doing so helps prevent SSL protocol attacks, SSL stripping, cookie hijacking, and other attempts to circumvent SSL protection.

Managing HSTS on Linux

By default, HSTS is enabled on all Linux-based managed hosting accounts. You do not need to take any additional steps to use HSTS with your site.

However, there may be scenarios where you want to disable HSTS for your site, such as during site development or testing. To do this, follow these steps:

  1. Using SSH, the cPanel File Manager, or the Plesk File Manager, navigate to the document root of your site (usually the public_html folder).
  2. Use your preferred text editor to open the .htaccess file.
    If the .htaccess file does not already exist, create it.
  3. Copy the following line, and then paste it into the .htaccess file:
    Header always unset Strict-Transport-Security
  4. Save your changes to the .htaccess file. HSTS is now disabled for your site.

More Information

For more information about HSTS, please visit https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security.

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.

Usamos cookies con el fin de personalizar para usted nuestro sitio Web y analizar el uso de éste. Usted acepta esto haciendo clic en “Acepto” o al continuar usando el sitio Web. Hay más información sobre cookies en nuestra política de privacidad.