Last Chance: Cyber Monday 40% OFF



Configuring HSTS (HTTP Strict Transport Security)

Tackle WordPress weaknesses and fortify your website Learn more

One of the best-known policies is the HTTP Strict Transport Security. Below, we will give a quick overview of HSTS configuration and what is recommended. If you want to know what HSTS is or why you need it:

Configuring HTTP Strict Transport Security

The most effective way to use HSTS is by preloading the strict policy directly in supported browsers. 

If you do not preload your website, the browser will only remember the preference after each first visit. Although better than nothing, preloading is the way to go. 

After selecting ‘preload’ in Really Simple SSL, you can go to to add your domain to the browser list. Please know that getting on the list is more straightforward than being removed. If you, for any reason, need to fall back to HTTP:// and you’re still on the preload list. Your website will be available once it is off the list or back on HTTPS://.

If you want to use preload, make sure you enable these settings:

  •  HTTP Strict Transport Security
  • Include preload
  • Include subdomains
  • Choose the max-age for HSTS (Minimum of One-Year)

Table of Contents

Peter Tak

Peter Tak

Security Officer at Really Simple Plugins

Read More

Advanced Security

Tackle WordPress weaknesses and fortify your website. New hardening features!


Want to know the in and outs of security jargon? Get to know our features.

Premium support will offer assistance in 24 hours. If you need help, or have any questions just contact our awesome support team/

Related articles