Articles in this section

See more

How to enable/disable HTTP Strict-Transport-Security (HSTS) for a domain in Plesk?

Avatar
Renan Poss Moreira
Updated
Plesk for Windows kb: how-to Plesk for Linux ABT: Group B

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Question

How to enable/disable HTTP Strict-Transport-Security (HSTS) for a domain in Plesk?

Answer

Note: A valid SSL certificate must be installed on the website, otherwise it'll not be accessible.

Note: The HSTS header won't be sent while the preferred domain is "www". There is an UserVoice created to improve this behavior

  1. Log into Plesk

  2. Install SSL It! extension in Extensions

  3. Navigate to Domains > example.com > Hosting Settings and make sure SSL/TLS support is enabled

  4. Navigate to Domains > example.com > SSL/TLS Certificates

  5. Click on the HSTS button:

    mceclip0.png

  6. Configure the HSTS options and click on Enable (or Disable) HSTS:

    mceclip1.png

Comments

3 comments

Sort by Date Votes
  • Avatar
    Oliver Tief

    Plesk tells me that HSTS is active, but it is not working with preload. It would be nice to know how to enable HSTS Preload also.

    0
  • Avatar
    Jon Doe

    Nevermind, I just realized you were probably asking how to enabled Preload in Plesk, not in general. Seems like Plesk is still missing support for that.

    0
  • Avatar
    Charles Dobbs

    It seems HSTS is default state is on. Where is the setting to change this to off?

    When creating a temporary domain for testing, it doesn't have a certificate and you can not create one. It is a temporary domain. So you can not access you temporary domain.

    0

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles