The HTTP Strict Transport Security (HSTS) HTTP header ensures web browsers always load your image gallery with HTTPS. After you force SSL usage, follow below to add HSTS in Zenphoto.

Warning: Once enabled, HSTS disallows the user from overriding an invalid or self-signed certificate message. Your website will be inaccessible without a valid SSL.

Add HSTS

  1. Login to Zenphoto.
  2. Install the http_security_headers plugin in the Security category.
  3. Click the gear icon to change settings.
  4. Specify HSTS settings:
    Strict-Transport-Security: max-age – how long HSTS should be active in seconds before rechecking its status
    Strict-Transport-Security – includeSubdomains – check to include subdomains
    Strict-Transport-Security – preload – check to submit your domain to the preload list
  5. Click Apply at the bottom.
zenphoto hsts
Enable for 10886400 seconds (126 days) and on subdomains

To better secure your image galleries, configure X-Frame-Options in Zenphoto and check out our managed VPS Hosting.

Similar Posts