Add HSTS in Nginx

Mar 28, 2022 · 1 min read · Post a comment

Increasing the website performance and decreasing the server load can be achieved by HSTS. Enabling the HSTS security headers in Nginx will tell the browser to use https instead of http. So let’s see how to enable it.


  • Nginx


Step 1. Open the Nginx virtual host config file. I’m going to do it for

# Security Headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

Step 2. Save it and check the Nginx config.

nginx -v

Step 3. If there are no errors reload the Nginx config.

systemctl reload nginx

Step 4. To check if the HSTS is enabled, run:

curl -s -D- | grep -i Strict


Feel free to leave a comment below and if you find this tutorial useful, follow our official channel on Telegram.