The HTTP Strict Transport Security (HSTS) HTTP header ensures web browsers always load your image gallery with HTTPS. After you force SSL usage, follow the steps below to add HSTS in Zenphoto.
Warning: Once enabled, HSTS prevents users from overriding an invalid or self-signed certificate message. Your website will be inaccessible without a valid SSL certificate.
Add HSTS
- Log in to Zenphoto.
- Install the http_security_headers plugin in the Security category.
- Click the gear icon to change settings.
- Specify HSTS settings:
  - Strict-Transport-Security: max-age – how long HSTS should be active in seconds before rechecking its status
  - Strict-Transport-Security – includeSubdomains – check to include subdomains
  - Strict-Transport-Security – preload – check to submit your domain to the preload list
- Click Apply at the bottom.
To better secure your image galleries, configure X-Frame-Options in Zenphoto and check out our managed VPS host.