Security Server response header - Strict Transport Security

What is the Strict-Transport-Security header

Strict Transport Security (HSTS) is a response header that tells the browser never to load a site over plain HTTP; once the policy is stored, the browser rewrites HTTP requests for that host to HTTPS before sending them. This protects users from attackers who could otherwise intercept or downgrade an unencrypted connection. With the correct HSTS configuration, even the first load of the site uses only a secure connection.

Your site must be reachable over HTTPS, and the SSL/TLS certificate must be installed without errors, otherwise browsers that have stored the policy cannot open the site at all.

Basic directives

max-age - tells the browser, in seconds, how long to remember that the site must only be loaded over HTTPS.
includeSubDomains - applies HSTS not only to the main domain, but to all of its subdomains.
preload - signals that the site has been submitted to the browser HSTS preload list (which requires max-age of at least one year and includeSubDomains).

Using HSTS in nginx.conf (NGINX):
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

Using HSTS in httpd.conf (Apache):
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Using HSTS in .htaccess:
<IfModule mod_headers.c>
    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>
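To verify what a server actually sends, the following added example (not part of the original page) parses a Strict-Transport-Security value the way RFC 6797 describes (case-insensitive directive names, optional quoting, max-age required) and reports which of the directives described above are missing or too weak for preloading. The function names and the one-year threshold constant are this example's own choices.

```python
# Minimum max-age the browser preload list requires: one year in seconds.
PRELOAD_MIN_MAX_AGE = 31536000


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value into a dict of directives.

    Directive names are case-insensitive (RFC 6797) and values may be
    quoted. A directive without a value maps to True. Returns None for
    an empty or missing header, and keeps the first copy of a repeated
    directive, as browsers do.
    """
    if not header_value or not header_value.strip():
        return None
    directives = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        name = name.strip().lower()
        if not name:
            continue
        value = value.strip().strip('"') if sep else True
        directives.setdefault(name, value)
    return directives


def check_hsts(header_value):
    """Return findings for a header value; an empty list means the policy
    is enforced and meets the preload list requirements."""
    d = parse_hsts(header_value)
    if d is None:
        return ["header missing: browser will still accept plain HTTP"]
    if "max-age" not in d:
        return ["max-age missing: browsers ignore the whole header"]
    try:
        max_age = int(d["max-age"])
    except (TypeError, ValueError):
        return ["max-age is not an integer: browsers ignore the header"]
    findings = []
    if max_age == 0:
        findings.append("max-age=0 removes the policy instead of enforcing it")
    elif max_age < PRELOAD_MIN_MAX_AGE:
        findings.append("max-age below one year: not preload-eligible")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing: subdomains stay reachable over HTTP")
    if "preload" not in d:
        findings.append("preload missing: first visit is unprotected until preloaded")
    return findings
```

Run against the three header values shown above, the NGINX and Apache ones return no findings, while the .htaccess value reports only the missing preload directive.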