Increasing the website performance and decreasing the server load can be achieved by HSTS. Enabling the HSTS security headers in Nginx will tell the browser to use https instead of http. So let’s see how to enable it.
Prerequisites
- Nginx
Solution
Step 1. Open the Nginx virtual host config file. I’m going to do it for hsts.devcoops.com.conf.
...
# Security Headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
...
Step 2. Save it and check the Nginx config.
nginx -v
Step 3. If there are no errors reload the Nginx config.
systemctl reload nginx
Step 4. To check if the HSTS is enabled, run:
curl -s -D- https://hsts.devcoops.com | grep -i Strict
Conclusion
Feel free to leave a comment below and if you find this tutorial useful, follow our official channel on Telegram.
