https://security.googleblog.com/2017/09 ... f-web.html
And see if your website can get on the preload list:
https://hstspreload.org/
I made htmlvalidator.com eligible and submitted it.
I use this in my Apache port 80 config (had to change it to redirect to https://htmlvalidator.com instead of https://www.htmlvalidator.com):
Code: Select all
<VirtualHost 50.116.31.253:80>
ServerName www.htmlvalidator.com
ServerAlias htmlvalidator.com *.htmlvalidator.com
<If "%{HTTP_HOST} == 'htmlvalidator.com'">
Redirect / https://htmlvalidator.com/
</If>
<Else>
Redirect / https://www.htmlvalidator.com/
</Else>
DocumentRoot /something/here/
DirectoryIndex index.php index.html index.htm
</VirtualHost>
Code: Select all
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"