All Questions
4 questions
3
votes
1
answer
969
views
HSTS and TLS redirection: What is the correct order?
Currently I am trying to setup my apache server for HSTS. Therefore my .htaccess looks like this:
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=63072000; ...
- 151
4
votes
1
answer
404
views
Is this HSTS header set correctly in LAMP?
I have a LAMP server and my SSL certificate provider recommended me to set HSTS header as follows in Apache2:
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"...
- 1,737
7
votes
1
answer
333
views
HSTS Strict Transport Security: Include base domain
I configured my apache webserver to use HSTS Strict Transport Security.
If my domain is example.com, most people visit my website over the subdomain www.example.com. Hence, Strict Transport Security ...
- 81
33
votes
2
answers
13k
views
HSTS extra security over HTTPS
Is HSTS good to use even if my servers are configured to use HTTPS (when HTTP is used, the rewrite rules in Apache turns it into HTTPS)?
Also should HSTS be used even on resources like CSS and images,...
- 2,108