HTTP Strict Transport (HSTS) Protection

PreviousOrigin Host Header NextX-Frame Options

Last updated 4 months ago

Was this helpful?

HTTP Strict Transport (HSTS) Protection

The HTTP Strict Transport Security (HSTS) Protection feature in the Medianova Cloud Panel enforces secure connections by ensuring that all HTTP requests are redirected to HTTPS. This helps protect against protocol downgrade attacks and cookie hijacking.

Key Features:

Max-Age Setting: Define the duration (in seconds) that browsers should remember to only use HTTPS for your domain.
Include Subdomains: Optionally enforce HSTS for all subdomains of your domain.
Preload Option: Enable inclusion in the HSTS preload list, ensuring strict HTTPS enforcement even before the first visit.

How to Configure HSTS Protection

Log in to the Cloud Panel: Access the Medianova Cloud Panel and navigate to the CDN Resources section in the left-hand menu.
Select the Relevant Resource: Choose the resource where you want to enable HSTS protection.
Click on the Headers tab.
Enable HSTS Protection: Locate the HSTS Protection setting and toggle it to On.
Configure HSTS Settings:
- Max Age (Seconds): Enter the duration in seconds for which browsers should enforce HTTPS (e.g., 31536000 for one year).
- Include Subdomains: Set to True to apply HSTS to all subdomains, or False to limit it to the main domain.
- Preload: Set to True to include the domain in the HSTS preload list, or False to exclude it.
Submit Your Configuration: Click the Submit button to save and apply your HSTS settings.

By enabling HSTS Protection, you enhance your website's security, ensuring HTTPS is strictly enforced for all connections.

PreviousOrigin Host Header NextX-Frame Options

Last updated 4 months ago

Was this helpful?