SSL Certificate more options

DracoBlue

HSTS - Enhances the security of website's visitors by prohibiting web browsers from accessing the website via insecure HTTP connections. If visitors are unable to connect via HTTPS, your website will become unavailable.
OCSP Stapling - Enhances the privacy of website's visitors and improves the website performance. The web server will request the status of the website's certificate (can be good, revoked, or unknown) from the CA instead of the visitor's browser doing so.

John-P

DracoBlue HSTS

You can always set HSTS using htaccess / nginx config

Andreas

For HSTS you can add the line in .htaccess
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

For OCSP Stapling, I have never heard of this before. I found steps here
https://www.ssldragon.com/blog/ocsp-stapling/#enable-ocsp-stapling

John-P

Andreas Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Be very careful using preload and make sure you know what it means and that you are aware of the potential problems before you do. I'd also recommend starting with a lower max-age and testing before putting a long one.

Andreas

John-P Thanks for the feedback. I will look into this more.
Do you have any recommendations or suggestions on this?

Andreas

What a rabbit hole I just went down with this and security headers.