How to Enable HSTS for your Nginx and Apache Websites
Learn how to enable HTTP Strict Transport Security on your web server by modifying your Apache virtual hosts file and your Nginx conf file.
Find more at https://tonyteaches.tech
by Tony Teaches Tech
Where do I need to add the HSTS header in the nginx block: the port 80 block or the 443 block?
Thanks, man
Can you please make a video on enabling HSTS on Payara/GlassFish?
But what about the other headers? You didn't mention them:
X-Content-Type-Options, Content-Security-Policy, Referrer-Policy, X-Frame-Options, Permissions-Policy
Second, you didn't show the method for when a person has multiple websites on NGINX, not just a default sites-available config file, because in some cases scripts and people use a different file for each domain.
Setting max-age to a high number at the beginning might cause problems if you intend to allow access to your site via **http**. I set this to 3600. Of course, always using https is better, but just in case.
Thanks Tony, it works when I type: `add_header Strict-Transport-Security max-age=31536000;` but not when I type `add_header Strict-Transport-Security max-age=31536000; includeSubDomains; preload`. Do you have an idea why? Thanks for your help.
But why are online penetration testing tools saying NO HSTS header?
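An added example, not from the video or from any commenter: nginx ends a directive at the first unquoted `;`, so an unquoted HSTS value is cut off after `max-age` and the remaining words are read as separate directives. The Python sketch below uses a simplified model of that splitting (an assumption, not nginx's real tokenizer) to audit an `add_header` line; the function names and sample lines are constructed for illustration.

```python
import shlex

def split_directives(text):
    """Split nginx config text on ';' outside quotes (simplified tokenizer model)."""
    parts, buf, quote = [], "", None
    for ch in text:
        if quote:
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch == ";":
            parts.append(buf.strip())
            buf = ""
            continue
        buf += ch
    parts.append(buf.strip())
    return [p for p in parts if p]

def parse_hsts(value):
    """Parse an HSTS header value; directive names are case-insensitive."""
    out = {"max_age": None, "include_subdomains": False, "preload": False}
    for token in value.split(";"):
        name, _, arg = token.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            out["max_age"] = int(arg)
        elif name == "includesubdomains":
            out["include_subdomains"] = True
        elif name == "preload":
            out["preload"] = True
    return out

def audit_add_header(line):
    """Return (HSTS policy actually configured, stray directives left over)."""
    directives = split_directives(line)
    args = shlex.split(directives[0])  # ['add_header', name, value, optional 'always']
    if len(args) < 3 or args[0] != "add_header" \
            or args[1].lower() != "strict-transport-security":
        raise ValueError("not an HSTS add_header directive")
    return parse_hsts(args[2]), directives[1:]

# Constructed sample lines modelled on the directives quoted in the comments.
UNQUOTED = "add_header Strict-Transport-Security max-age=31536000; includeSubDomains; preload"
QUOTED = 'add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;'

if __name__ == "__main__":
    for sample in (UNQUOTED, QUOTED):
        policy, stray = audit_add_header(sample)
        print(policy, "stray directives:", stray)
```

Any stray directives reported for a line mean the value needs to be wrapped in double quotes before the configuration is reloaded.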
This was really well made and helpful, thanks.
Thanks, man. This helped a lot!
Very good, thank you!!!
`Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS` (for people's convenience!)
Very helpful, thanks!
Good work bro 🔥