Add HSTS in Zenphoto

The HTTP Strict Transport Security (HSTS) HTTP header ensures web browsers always load your image gallery with HTTPS. After you force SSL usage, follow below to add HSTS in Zenphoto.

Warning: Once enabled, HSTS disallows the user from overriding an invalid or self-signed certificate message. Your website will be inaccessible without a valid SSL.


  1. Login to Zenphoto.
  2. Install the http_security_headers plugin in the Security category.
  3. Click the gear icon to change settings.
  4. Specify HSTS settings:
    Strict-Transport-Security: max-age – how long HSTS should be active in seconds before rechecking its status
    Strict-Transport-Security – includeSubdomains – check to include subdomains
    Strict-Transport-Security – preload – check to submit your domain to the preload list
  5. Click Apply at the bottom.
Enable for 10886400 seconds (126 days) and on subdomains

To better secure your image galleries, configure X-Frame-Options in Zenphoto and check out our managed VPS host.


It looks like this article doesn't have any comments yet - you can be the first. If you have any comments or questions, start the conversation!

Was this article helpful? Let us know!