
Setting up HSTS - HTTP Strict Transport Security - at Pagely



Purpose

This article describes how to set up an HSTS policy at Pagely. HSTS (HTTP Strict Transport Security) is a web security policy that protects websites against protocol downgrade attacks and cookie hijacking. It adds a response header field named "Strict-Transport-Security", which specifies a period of time during which the user agent should only access the server in a secure fashion. For more information, visit the HSTS Wikipedia page.

Can I enable HSTS myself?

While it's possible to do this via PHP, this is not the suggested Pagely method and will likely cause issues. Please contact support in order to enable this.

What are some things I should be concerned about when enabling HSTS?

  1. Multiple redirects: If a browser were to go from HTTP -> HTTPS -> HTTP -> HTTPS, the site will not load in most cases, as the browser is trying to strictly adhere to the HSTS policy set in place.
  2. Browser support: While most up-to-date browsers support this, outdated versions may have issues. Additionally, certain browsers recommend a specific length of time. In general, the longer the policy is put in place, the better.
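
As an added example (not Pagely's code or tooling), this Python check audits a recorded redirect chain before HSTS is requested: it flags the HTTPS-to-HTTP hop described in item 1, an HSTS header sent over plain HTTP (which browsers ignore per RFC 6797), and a short max-age as in item 2. The hop lists, the example.com host and the one-year threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into its directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isascii() and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def hsts_header(headers):
    """Case-insensitive lookup of the HSTS header; None when absent."""
    return {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")

def audit_chain(hops, min_max_age=31536000):
    """hops: ordered (url, headers) pairs for one page load, redirects included.
    min_max_age (one year) is an assumed threshold, not a Pagely value."""
    findings = []
    for (prev, _), (cur, _) in zip(hops, hops[1:]):
        if urlsplit(prev).scheme == "https" and urlsplit(cur).scheme == "http":
            findings.append(f"downgrade: {prev} -> {cur}")
    for url, headers in hops:
        # Browsers ignore HSTS received over plain HTTP (RFC 6797).
        if urlsplit(url).scheme == "http" and hsts_header(headers):
            findings.append(f"ignored: HSTS sent over HTTP by {url}")
    final_url, final_headers = hops[-1]
    value = hsts_header(final_headers)
    if urlsplit(final_url).scheme != "https":
        findings.append(f"insecure-final: {final_url}")
    elif value is None:
        findings.append(f"missing: no HSTS header on {final_url}")
    else:
        max_age = parse_hsts(value)["max_age"]
        if max_age is None or max_age < min_max_age:
            findings.append(f"short-max-age: {max_age} on {final_url}")
    return findings

# Constructed sample chains (example.com is a placeholder host).
BAD_CHAIN = [("http://example.com/", {"Strict-Transport-Security": "max-age=300"}),
             ("https://example.com/", {}),
             ("http://www.example.com/", {}),
             ("https://www.example.com/", {"strict-transport-security": "max-age=300"})]
GOOD_CHAIN = [("http://example.com/", {}),
              ("https://example.com/",
               {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"})]
```

An empty result from `audit_chain` means the chain has no downgrade hop and the final HTTPS response carries a policy at or above the chosen threshold.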

Please contact support if you have any other questions.


Copyright © 2006-2017 Pagely, Inc. All rights reserved.
Pagely® and WordPress® are registered trademarks.
