x
AnonymousA
Your opinion in 1 minute.
Help us improve by answering 4 quick questions.
Take Survey Now
Get Started with Square
13.59.18.177
13.59.18.177
Wuser1 W
‎04-20-2021 06:44 AM

How do I set "Strict Transport Security" to my site?

I would like to add "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload" to Apache .htaccess file. how do I make it or is there other option?

My site already uses SSL. 

Labels:
Tags (1)
Reply
0 Kudos
1,965 Views
Message 1 of 4
Report
3 REPLIES 3
Adam7
Square
‎04-21-2021 12:31 PM

Thanks for joining the Community and making your first post, @Wuser1.

Unfortunately, there isn't a way to add that as we don't provide direct access to the .htaccess file for your site.

Reply
0 Kudos
1,945 Views
Message 5 of 4
Report
Wuser1 W
‎04-23-2021 12:02 AM

In response to Adam7

Thank you Adam

I see, I hope we make it someday. 

Reply
1,936 Views
Message 5 of 4
Report
Rich_TDC R
‎09-23-2022 07:16 AM

In response to Adam7

Is there an update to the HSTS issue?

Website Does Not Implement HSTS Best Practices medium severity -3.7 score impact
(Your score will increase upon approval of resolution)
Description

HTTP Strict Transport Security is an HTTP header that instructs clients (e.g., web browsers) to only connect to a website over encrypted HTTPS connections. Clients that respect this header will automatically upgrade all connection attempts from HTTP to HTTPS. After a client receives the HSTS header upon its first website visit, future connections to that website are protected against Man-in-the-Middle attacks that attempt to downgrade to an unencrypted HTTP connection. The browser will expire the HTTP Strict Transport Security header after the number of seconds configured in the max-age attribute.

Reply
0 Kudos
665 Views
Message 5 of 4
Report
Anonymous
This thread has been archived and locked. Please start a new thread if you would like to continue the conversation.

Square Community

Square Products

Resources

More

© 2022 Square, Inc.