Add HSTS in Drupal 8 with the Security Kit Module

by InMotion Hosting Contributor

1 Minutes, 1 Seconds to Read

Adding HSTS (HTTP Strict Transport Security) in Drupal 8 forces web browsers to only load your website with a valid SSL certificate. This improves Drupal security against downgrade attacks and similar man-in-the-middle (MITM) attacks. HSTS is similar to a HTTP to HTTPS redirect but within the browser.

Below we’ll cover how to install the Security Kit module and enable HSTS.

Warning: Once enabled, HSTS disallows the user from overriding an invalid or self-signed certificate message. Your website will be inaccessible without a valid SSL.

Install Security Kit

  1. Login to Drupal.
  2. Install the Drupal module using the Security Kit download link.
  3. Click Install at the bottom.
  4. Click Configuration at the top.

Enable HSTS

  1. Under System, Click Security Kit settings.
  2. Click SSL/TLS to see HSTS settings.
  3. Check the box for HTTP Strict Transport Security.
  4. Specify the Max-age (in seconds) for how long the header should remain active.
  5. (Optional) Check the box to Include Subdomains for this domain.
  6. (Optional) Check Preload if you plan to submit your domain to the HSTS preload list after saving these changes.
  7. At the bottom, click Save configuration.
HSTS with Security Kit
Use the checkboxes to easily configure HSTS or click the clicks to learn more

Get high performance and security with our Managed Drupal Hosting.

Share this Article
InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting
Related Articles
Finding 404 page not found errors in Drupal 7
Removing the site title in Drupal 8
Content Types in Drupal 8
Disabling user images for posts and comments in Drupal 8
How to add an image in Drupal 7
How to upload your custom logo in your Drupal 7 theme
Setting custom logos in your Drupal 8 theme
Fixing the “An unrecoverable error occurred” error in Drupal
How to Make a Duplicate Drupal Site
How to Install a New Theme in Drupal

Need More Help?

Current Customers

Chat: Chat with Sales
Call: 757-416-6575 x2
Ticket: Submit a Support Ticket

Get Reliable Web Hosting

Chat: Chat with Sales
Email: [email protected]
Call: 757-416-6575 x1

Get web hosting that grows with your business. Our all-in-one hosting platform gives you everything your website needs to scale - so you can focus on the next big thing for you and your business.