Enabling HSTS

Jamie

Has anyone successfully enabled this? I've tried using the default .htaccess method but I'm receiving 500 errors. Any tips/advise would be greatly appreciated.

Jamie

Not sure, but now working with

Header always set Strict-Transport-Security "max-age=10886400; includeSubDomains; preload" env=HTTPS

John-P

Apache, LSWS, or OLS?

That won't work in Open LiteSpeed but I don't see why it wouldn't in the other two.

Jamie

Hi John,

This was on Apache, as my last reply its now working as expected

lucioguappo

Hello, I would like to verify HSTS header on my website...but different online tool make different replies, have some idea/indication about?

https://hstspreload.org
https://developer.mozilla.org/en-US/observatory

and also, using external authoritative dns, how should I set the DNS of the website in the control panel?

slimx

TESTED ON LITESPEED ENTERPRISE:
I personally use BUNNY CDN on a few sites, and we enable HSTS on it. Works quite fine.
Few sites have problems cause they have to use Google Maps and whatnot, so had to add a lot of annoying exclusions.

No clients have needed on OLS yet.

Andreas

Just a reminder, if you use the preload, and your SSL expires, your site will not be accessible.

alpha_mann

I faced the same! But it gets solved, you can check this way https://cheapsslweb.com/resources/what-is-hsts-certificate

It might be helpful.