Is it necessary to tick "Enable HTTP Strict Transport Security (HSTS)"?

I am deploying WordPress in Hestia control panel.
For my domain, when I click edit, there is an option, “Enable HTTP Strict Transport Security (HSTS)”, under SSL.
Is it necessary to tick this?
There is a link to an explanation, but I didn’t quite understand it.
Thanks!

When a user (well, a browser) visits your site, it usually tries http first, and your web server usually redirects the user to https. If you enable HSTS, the first time a browser visits your site it will usually try http first and the web server redirects the user to https, but this time it caches a header, Strict-Transport-Security, for a specific time (in Hestia, 1 year), so the next time that browser tries to visit your site, it won’t try http; it will always try https, even if you try to force it to visit the domain as http.

If you are serving your site with https, I would enable it.

7 Likes

Thanks!
This answer is much clearer than what other web pages explain.

1 Like

I am sure 6 months is what we do by default.

1 Like

It changed to 1 year, 10 months ago :wink:

```
# seconds="$(grep 'max-age' $HESTIA/bin/v-add-web-domain-ssl-hsts | grep -Eo '[0-9]{1,}')"; echo "$seconds/60/60/24" | bc
365
```
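
To confirm what the web server actually sends once the option is ticked, the following added example (not part of the thread and not Hestia's own code) reads the Strict-Transport-Security header out of response headers such as the output of `curl -sI`. The function names, the placeholder domain and the sample responses are constructed for illustration.

```bash
#!/bin/sh
# Added example (not Hestia code): read the HSTS policy out of response headers,
# e.g. the output of `curl -sI https://your-domain/` (placeholder domain).

# Print the Strict-Transport-Security value; return 1 if the header is absent.
hsts_value() {
    # Header names are case-insensitive and curl output ends lines with CR.
    printf '%s\n' "$1" | tr -d '\r' | awk '
        tolower($0) ~ /^strict-transport-security:/ {
            sub(/^[^:]*:[ \t]*/, ""); print; found = 1; exit
        }
        END { exit (found ? 0 : 1) }'
}

# Print max-age in seconds; return 1 if the header or directive is missing.
hsts_max_age() {
    value="$(hsts_value "$1")" || return 1
    # Directive names are case-insensitive, the number may be quoted, and
    # leading zeros are dropped so the shell does not read it as octal.
    seconds="$(printf '%s\n' "$value" | tr 'A-Z' 'a-z' |
        sed -n 's/.*max-age[ ]*=[ ]*"\{0,1\}0*\([0-9][0-9]*\).*/\1/p')"
    [ -n "$seconds" ] || return 1
    echo "$seconds"
}

# Summarise the policy: "missing", "cleared" (max-age=0 tells the browser to
# forget the cached policy) or "active <days>d".
hsts_status() {
    seconds="$(hsts_max_age "$1")" || { echo "missing"; return 1; }
    if [ "$seconds" -eq 0 ]; then
        echo "cleared"
    else
        echo "active $(( seconds / 86400 ))d"
    fi
}

# Constructed sample responses (not captured from a real server).
SAMPLE_ON="$(printf 'HTTP/2 200\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\n')"
SAMPLE_OFF="$(printf 'HTTP/2 200\r\nserver: nginx\r\ncontent-type: text/html\r\n')"
SAMPLE_ZERO="$(printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=0\r\n')"

hsts_status "$SAMPLE_ON"
hsts_status "$SAMPLE_OFF" || true
hsts_status "$SAMPLE_ZERO"
```

Run it against the https URL: browsers only honour this header when it arrives over a secure connection, so a copy on the plain http redirect has no effect.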