Add HSTS in Zenphoto

The HTTP Strict Transport Security (HSTS) HTTP header ensures web browsers always load your image gallery with HTTPS. After you force SSL usage, follow the steps below to add HSTS in Zenphoto.

Warning: Once enabled, HSTS prevents users from bypassing an invalid or self-signed certificate warning. Your website will be inaccessible without a valid SSL certificate.

Add HSTS

  1. Log in to Zenphoto.
  2. Install the http_security_headers plugin in the Security category.
  3. Click the gear icon to change settings.
  4. Specify HSTS settings:
     - Strict-Transport-Security – max-age – how long HSTS should be active in seconds before rechecking its status
     - Strict-Transport-Security – includeSubdomains – check to include subdomains
     - Strict-Transport-Security – preload – check to submit your domain to the preload list
  5. Click Apply at the bottom.

Enable for 10886400 seconds (126 days) and on subdomains
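
To confirm what the saved settings actually enforce, the following added example (not part of Zenphoto or the http_security_headers plugin) parses a Strict-Transport-Security header value and reports gaps. The function names and sample header values are constructed for illustration; the one-year figure is the minimum max-age that hstspreload.org requires for a preload submission.

```python
# Added example: parse and review a Strict-Transport-Security header value.
# Function names and sample values are constructed for illustration.

PRELOAD_MIN_AGE = 31536000  # one year, the hstspreload.org submission minimum


def parse_hsts(value):
    """Parse per RFC 6797: case-insensitive names, no duplicates, max-age required."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen[name] = arg.strip().strip('"')  # max-age may be a quoted string
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        raise ValueError("max-age is required and must be a non-negative integer")
    return {
        "max_age": int(age),
        "include_subdomains": "includesubdomains" in seen,
        "preload": "preload" in seen,
    }


def review(value):
    """Return a list of findings for a header value; an empty list means none."""
    policy = parse_hsts(value)
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells browsers to discard the HSTS policy")
    if not policy["include_subdomains"]:
        findings.append("subdomains are not covered")
    if policy["preload"]:
        if policy["max_age"] < PRELOAD_MIN_AGE:
            findings.append("preload set but max-age is below one year")
        if not policy["include_subdomains"]:
            findings.append("preload set without includeSubDomains")
    return findings


if __name__ == "__main__":
    # Constructed values: the article's example, then the same with preload checked.
    for header in ("max-age=10886400; includeSubDomains",
                   "max-age=10886400; includeSubDomains; preload"):
        print(header, "->", review(header) or "no findings")
```

Pass it the header value your gallery returns over HTTPS, for example the value shown by your browser's developer tools.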

To better secure your image galleries, configure Content Security Policy (CSP) in Zenphoto.
