Skip to content

I suggest you...

← Feature Suggestions

Support for HTTP Strict Transport Security / HSTS

I'm wondering if Plesk also will implent HTTP Strict Transport (or HSTS) Security in the GUI. It's an extra layer of security for sites who need to be extra secure.

It's being done with a special header (mod_headers for Apache) and a TLS connection. The client (browser) can then verify if the server is the real server and not a man-in-the-middle server/attack.

It's as simple as adding the following code to the vhost config (HTTPS only!):

Apache:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

Nginx:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

441 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

linqlol shared this idea  ·   ·  Report…  ·  Admin →
completed  ·  AdminPlesk Staff (Community Manager, Plesk International GmbH) responded  · 

Hi!

The functionality is now available in the SSL It! Plesk Extension: https://ext.plesk.com/packages/3c4117f6-c05c-4d3b-9173-60f10096a9c4-sslit

How to find it:
1. install SSL It! Extension (it’s available for Plesk 17.8+)
2. go to > SSL/TLS Certificates
3. if there is no SSL Certificate installed on the domain – issue one (using, for example, free Let’s Encrypt SSL Certificate)
4. if an SSL Certificate is installed on the domain, there is a switcher HSTS, turn it on
5. Voila!

We would appreciate hearing your feedback on the implementation of this functionality. Thanks in advance!

Show previous admin responses (2)

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
1 3 Next →

Feature Suggestions: Web / SSL

Categories

Feedback and Knowledge Base

(thinking…)