Enable HSTS in Cloudflare for Stronger SSL Security

Updated on May 27, 2021 by InMotion Hosting Contributor

Whether you’re using shared or VPS hosting services to create a website, it’s important to have an SSL certificate for added security. But it is not enough to install a domain validated SSL. You need to ensure your web server only serves website requests over an encrypted connection. This is accomplished with a 301 redirect in your .htaccess file.

For additional security you can use HTTP Strict Transport Security (HSTS), which forces browsers to request HTTPS pages from your domain. This is typically configured within your .htaccess file. However, those using the Cloudflare content delivery network (CDN) for improved website speed can enable this with a few clicks.

Below we’ll cover how to enable HSTS using Cloudflare.

Enable HSTS in Cloudflare

1. Log into Cloudflare.
2. On the top, select Crypto.
3. Select Enable HSTS.
4. Read the acknowledgement to ensure you fully understand the implications of enabling HSTS. The most important thing to understand is that you must have an active SSL certificate installed for the domain at all times. Otherwise, your website will become inaccessible from your web browser until the HTTP header expires. Select Next.
5. Select the toggle button for Enable HSTS (Strict-Transport-Security).
6. Set the Max Age Header (max-age), which determines how long the security HTTP header should be active.
7. Toggle Apply HSTS policy to subdomains (includeSubDomains) if desired. Do not select this if you have subdomains that aren’t publicly facing and don’t have an SSL certificate.
8. Select Preload if you’d like to submit your website to HSTSpreload.org for preload listing if eligible.
9. You can enable No-Sniff Header. However, you should configure a Content Security Policy (CSP) in your .htaccess file, which controls what the browser can load within your website in more capable ways.
10. After you configure your preferences, press Save at the bottom.
Learn more within Cloudflare documentation.