
What is HSTS?

HTTP Strict Transport Security (HSTS) is a security mechanism for HTTPS connections.

If HSTS is activated, the web server sends an additional response header (Strict-Transport-Security) on HTTPS connections, telling the browser that the requested page should only be accessed via an encrypted connection for a certain period of time.

How do I activate HSTS?

The HSTS header can be activated in the Hostpoint Control Panel as follows:

  1. Log in to the Hostpoint Control Panel with your Hostpoint ID.
  2. Open your server and switch to “Websites” on the left.
  3. Under the website where you want to activate the HSTS header, click on “Edit”.
  4. Scroll down to the “SSL encryption” section and expand it.
  5. Here you can enable and configure HSTS.
    Note: This option is only visible if the website is running on Nginx.

HSTS

If a browser receives this header from an HTTPS website, it knows that this domain may only be accessed via HTTPS (SSL or TLS). It will then refuse unencrypted access. The browser stores this information for the time specified in “max-age”. It is therefore important to ensure that your website and any subdomains are completely accessible via HTTPS and that all content is referenced exclusively via HTTPS before you activate HSTS.

It is common practice to first activate HSTS with short periods of time and then gradually extend it. For example, start with 5 minutes (300 seconds) and test your website extensively. Then increase the value for “max-age” step by step to one hour (3600 seconds), one day (86400), one week (604800) as you feel confident. It is recommended to set the value for “max-age” to more than 120 days (10368000), ideally to one year (31536000).

Websites should aim to use the maximum “max-age” to ensure increased security for the current domain in the long run.

If this value is set to 0 seconds, browsers delete the corresponding HSTS information. For this to take effect everywhere, wait at least as long as the previously configured value. For example, if you set 10368000 seconds (120 days), you must wait at least 120 days until the previous HSTS information is safely deleted from all browsers.

IncludeSubdomains

By activating the “IncludeSubdomains” option, the HSTS settings apply to all subdomains. If you deactivate this option, HTTPS is only required for the main domain.

Preload

The term “HSTS preload” describes the process by which browser manufacturers ship a predefined list of HSTS information for various websites with the browser. This means that browsers know before they visit a protected website for the first time that they should only contact it via an encrypted connection. When you activate the “preload” option, a provider of HSTS preload lists can check whether your domain can be placed on the preload list and whether you, as the owner of this domain, agree to this.

Your settings can be checked via the following website: https://hstspreload.org

This list is created by the Chromium Project and is used by most major browsers. Preloaded websites do not depend on HSTS response headers being sent to enforce the policy. Instead, the browser already knows from the domain name alone that HTTPS is required and enforces HSTS before any connection or communication is established.
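
The following Python sketch is an added example, not part of Hostpoint's guide or Control Panel: it parses a Strict-Transport-Security value and grades it against the “max-age” stages described above. The function names, result labels and sample header values are constructed for illustration; the preload condition (one year, includeSubDomains, preload) follows the submission requirements published on hstspreload.org.

```python
# Added example: grade an HSTS header value against the rollout stages in this guide.
RECOMMENDED_MIN = 10368000   # 120 days: the guide recommends more than this
ONE_YEAR = 31536000          # the guide's ideal value

def parse_hsts(value):
    """Return (max_age, include_subdomains, preload); max_age is None if absent or invalid."""
    max_age, include_sub, preload = None, False, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        arg = arg.strip().strip('"')     # the max-age value may be quoted
        if name == "max-age" and arg.isascii() and arg.isdigit():
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    return max_age, include_sub, preload

def assess(value):
    """Classify a policy by the stage of the rollout it corresponds to."""
    max_age, include_sub, preload = parse_hsts(value)
    if max_age is None:
        return "invalid"             # max-age is a required directive (RFC 6797)
    if max_age == 0:
        return "removes-policy"      # browsers delete stored HSTS information
    if max_age >= ONE_YEAR and include_sub and preload:
        return "preload-header-ok"   # header part only; hstspreload.org checks the rest
    if max_age > RECOMMENDED_MIN:
        return "recommended"
    return "ramp-up"                 # short test values such as 300 or 86400

if __name__ == "__main__":
    # Constructed sample header values, not captured from a real site.
    samples = [
        "max-age=300",
        "max-age=604800; includeSubDomains",
        "max-age=31536000; includeSubDomains",
        "max-age=31536000; includeSubDomains; preload",
        "max-age=0",
        "includeSubDomains; preload",
    ]
    for header in samples:
        print(f"{assess(header):18} {header}")
```

To check a live site, copy the Strict-Transport-Security value from the browser's developer tools or from `curl -sI https://your-domain` and pass it to `assess()`.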

© 2001 - Hostpoint AG