Last Updated on December 4, 2023
HSTS Header insertion
Really Simple SSL comes with many new features that cover the latest security practices. Beyond its high-level security features, it also lets you set the HSTS header for your website. Most plugins do not support this feature, since some are outdated, but Really Simple SSL does, and it adds more on top of the default templates.
One of the easiest ways to attach the HSTS header to a website is to insert it in the .htaccess file. Nevertheless, this option is not always recommended, since the .htaccess file may sometimes be difficult to access. If the .htaccess file is not writable, the plugin can insert the HSTS header using PHP instead.
PHP header used for HSTS, so why a warning?
The PHP header will usually work fine. However, the PHP method is not as reliable as the .htaccess method. Caching plugins can serve pages without executing the PHP code, so the HSTS header is not sent and HSTS is not set correctly. Because of this, Really Simple SSL pro will warn you. If you don't use caching, you can let HSTS be set using PHP.
Inserting the HSTS header without using PHP
If you would rather not add the HSTS header with PHP, make sure that your site runs on an Apache server. If your site uses the Apache web server, it can use a .htaccess file, and when that file is writable, Really Simple SSL can add the HSTS header to it.
An Nginx server doesn't use a .htaccess file. Instead, it uses an nginx.conf file, where the HSTS header can be set.
Testing the HSTS header
A simple way to check whether the HSTS header is sent is to use a redirect checker. If everything works correctly, you will see the HSTS header in the results.
Once you have added the essential redirect, you may see the HTTP Strict Transport Security header, which standardizes all connections on HTTPS. Having the HSTS header does a lot for your website's security: it is not just a way to get an A+ SSL rating from SSL Labs, it also helps protect your website from attacks and threats.
It helps prevent unauthorized access and protects your site against hijacking, cookie, and protocol downgrade attacks.
Keep in mind that, before adding HSTS to your website, you should look at the configuration options that are available. A possible server misconfiguration is an incompletely configured HSTS header. In that case, the header fails to provide its security benefits.
Hence, always understand the configuration options before adding the HSTS header to your site.
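To make the "incompletely configured" case concrete, the following added example (not part of Really Simple SSL or of the original article) audits a Strict-Transport-Security header value, such as one copied from a redirect checker. The function name, the sample values, the simplified directive grammar and the one-year threshold are assumptions chosen for illustration.

```python
import re

# Simplified directive grammar: name, optionally "=" plus a bare or quoted value.
_DIRECTIVE = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)(?:\s*=\s*(?:"([^"]*)"|([^\s";]+)))?$')
ONE_YEAR = 31536000  # assumed threshold; also the minimum for browser preload lists

def audit_hsts(value, scheme="https"):
    """Return a list of findings for one HSTS header value; [] means complete."""
    if scheme != "https":
        # RFC 6797: an HSTS header received over plain HTTP must be ignored.
        return ["header received over HTTP is ignored"]
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        m = _DIRECTIVE.match(part)
        if not m:
            return [f"malformed directive {part!r}"]
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in seen:
            return [f"duplicate directive {name!r} (invalid per RFC 6797)"]
        seen[name] = m.group(2) if m.group(2) is not None else m.group(3)
    raw_age = seen.get("max-age")
    if raw_age is None or not (raw_age.isascii() and raw_age.isdigit()):
        return ["max-age missing or not a non-negative integer: no policy is set"]
    age, findings = int(raw_age), []
    if age == 0:
        findings.append("max-age=0 tells the browser to delete the HSTS policy")
    elif age < ONE_YEAR:
        findings.append("max-age is shorter than one year")
    if "includesubdomains" not in seen:
        findings.append("includeSubDomains absent: subdomains are not covered")
    if "preload" in seen and (age < ONE_YEAR or "includesubdomains" not in seen):
        findings.append("preload needs a one-year max-age and includeSubDomains")
    return findings

# Constructed sample values, not taken from any real site.
SAMPLES = [
    "max-age=31536000; includeSubDomains; preload",
    "max-age=300",
    "includeSubDomains",
    "max-age=31536000; max-age=0",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {audit_hsts(sample) or 'OK'}")
```
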