
Adding HSTS Headers

What are HSTS Headers?

For the purpose of explaining these, let’s say you’re in a coffee shop or cafe with free wifi, where they give you the wifi password and never change it. This is an example of an unsafe network. A hacker could easily set up the network so that when someone tries to sign in to your site’s portal, they are redirected to the hacker’s own phishing site, which looks exactly like yours; when the victim logs in, their login details are sent straight to the hacker.

This is why HTTP Strict Transport Security (HSTS) is essential for sites using a portal or any kind of ordering. The HSTS header tells browsers to connect to your site only over HTTPS.

Adding HSTS Headers
Step 1. Login to your cPanel

If you are unsure on how to do this see our guide on logging into the control panel.

Step 2. Locate your site’s ‘.htaccess’ file

On cPanel, select ‘File Manager’.

Beneath files select the first option - File Manager

Now, in the file manager, find the folder for your site. Once you have done this, click the link with your site’s address.

Click the file containing your site, in our example this is test.nwdemo.co.uk

On the right of the page, all the web page files should appear. Find the file called ‘.htaccess’.

Find the file called .htaccess

Right click and press ‘Edit’.

On the list select the 'Edit' option with a pen to the left of it

This will now take you to an editor for part of your site’s code.

If you are struggling to find it you may need to enter settings and press “view hidden files”.

At the top of the page you need to add:

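# HSTS
# The following header tells browsers to use only HTTPS for this site for the next year (max-age is in seconds)
# env=HTTPS sends the header only on responses served over HTTPS
# An HTTP to HTTPS redirect must also be set up for this to work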

Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS

At the top of the code, add the HSTS code

Once you have done this, press ‘Save Changes’ and go back to the main Control Panel.

Step 3. Setting up HTTP to HTTPS Redirect

From the Control Panel, under the heading ‘Domains‘ click ‘Redirects’.

Select 'Redirects' under the heading 'Domains'

Now you need to add a redirect. To do this you need to select the site you are going to add the HSTS to in the box beneath ‘https?://(www.)?’.

Select the link you want to redirect from

Then you need to add the ‘Redirects to’ address. So beneath this heading write in your site’s address but with ‘https://’ in front of it.

Select a domain you want to redirect to

Once you have done this click ‘Add’ at the bottom.

HSTS should now be fully set up on your site. Access to your site should now always be secure.

Updated on 16th November 2018
