Setting up HSTS - HTTP Strict Transport Security - at Pagely
This article describes how to set up an HSTS security policy at Pagely. HSTS (HTTP Strict Transport Security) is a web security policy that protects websites against protocol downgrade attacks and cookie hijacking. It adds a response header field named "Strict-Transport-Security" and specifies a period of time during which the user agent should only access the server in a secure fashion. For more information, visit the HSTS Wikipedia page.
Can I enable HSTS myself?
While it's possible to do this via PHP, this is not the suggested Pagely method, and will likely cause issues. Please contact support in order to enable this.
What are some things I should be concerned about when enabling HSTS?
- Multiple redirects: If a browser were to go from HTTP -> HTTPS -> HTTP -> HTTPS, the site will not load in most cases, as the browser is trying to strictly adhere to the HSTS policy set in place.
- Browser support: While most up-to-date browsers support this, outdated versions may have issues. Additionally, certain browsers recommend a specific length of time. In general, the longer the policy is put in place, the better.
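Both concerns can be checked before asking for HSTS to be enabled. The following is an added example, not Pagely's code: it flags HTTPS -> HTTP hops in a redirect chain and parses the Strict-Transport-Security value. The function names, the one-year `max-age` threshold and the example.com chains are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ONE_YEAR = 31536000  # assumed minimum max-age for this check, in seconds

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into a policy dict."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def find_downgrades(chain):
    """Return the (from, to) hops that leave HTTPS and go back to HTTP."""
    return [(src, dst) for src, dst in zip(chain, chain[1:])
            if urlsplit(src).scheme == "https" and urlsplit(dst).scheme == "http"]

def audit(chain, hsts_value, min_max_age=ONE_YEAR):
    """List problems in a redirect chain and the final response's HSTS header."""
    findings = [f"downgrade: {src} -> {dst}" for src, dst in find_downgrades(chain)]
    if urlsplit(chain[-1]).scheme != "https":
        findings.append("final URL is not HTTPS, so browsers ignore its HSTS header")
    max_age = parse_hsts(hsts_value or "")["max_age"]
    if max_age is None:
        findings.append("HSTS header missing or has no valid max-age")
    elif max_age < min_max_age:
        findings.append(f"max-age {max_age} is below {min_max_age}")
    return findings

# Constructed sample data (example.com is a placeholder, not a real capture).
GOOD_CHAIN = ["http://example.com/", "https://example.com/", "https://www.example.com/"]
BAD_CHAIN = ["http://example.com/", "https://example.com/",
             "http://www.example.com/", "https://www.example.com/"]

if __name__ == "__main__":
    for chain, header in ((GOOD_CHAIN, "max-age=31536000; includeSubDomains"),
                          (BAD_CHAIN, "max-age=300")):
        print(chain[-1], audit(chain, header) or "OK")
```

To audit a real site, build `chain` from the `Location` headers your HTTP client records while following redirects and pass the final response's header value to `audit`.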
Please contact support if you have any other questions.