HSTS Preload

Seeing as the site is hosted on a Linux server, I’ll go ahead and document this. This is how to set up HSTS Preload for your website, by using .htaccess.

If you want to get your site hard-coded into Google Chrome as an “HTTPS Only” site, it’s actually relatively easy – once you know how to do it. You can verify that this site is listed here

Open your site with your favorite FTP application, I prefer Filezilla. Make sure that you’ve set it to show hidden files. (Files prefaced with a period are hidden files by default.) Edit your .htaccess and add the following:

[code]<IfModule mod_headers.c>
Header set Strict-Transport-Security “max-age=31536000; includeSubDomains; preload” env=HTTPS
</IfModule>[/code]

Save your file to your server and check your site for yourself.

Why do this? It’s added security for your visitors and it’s quite probable that Google has a preference for sites who have taken the time to do so. That may lead to more traffic and happier traffic because they know your site is using HTTPS.