Configure the remote web server to use hsts apache

How do I enable HSTS on my server?
What is Apache HSTS?
How do I connect to Hsts website?
How to enable Content Security Policy in Apache?
How do you check HSTS is enabled or not?
How to enable Content Security Policy in Apache?

How do I enable HSTS on my server?

Enable HSTS

Select your website. Go to SSL/TLS > Edge Certificates. For HTTP Strict Transport Security (HSTS), click Enable HSTS. Read the dialog and click I understand.

What is Apache HSTS?

HTTP Strict Transport Security (HSTS) is a simple and widely supported standard to protect visitors by ensuring that their browsers always connect to a website over HTTPS. HSTS exists to remove the need for the common, insecure practice of redirecting users from http:// to https:// URLs.

How do I connect to Hsts website?

Fortunately, the fix is simple, open up a new Chrome browser window or tab and navigate to the address chrome://net-internals/#hsts and type the URL you are trying to access in the field at the bottom, “Delete Domain Security Policies” and press the Delete button, viola! You should now be able to access that URL again.

How to enable Content Security Policy in Apache?

Content Security Policy (CSP)

CSP instruct browser to load allowed content to load on the website. All major browsers currently offer full or partial support for content security policy. Save the file then restart the Apache service to apply the changes. Save the file then restart Nginx to implement the changes.

How do you check HSTS is enabled or not?

Verify HSTS Header

You can launch Google Chrome Devtools, click into the “Network” tab and look at the headers tab. As you can see below on our Kinsta website the HSTS value: “strict-transport-security: max-age=31536000” is being applied.