How to enable Strict-Transport-Security (HSTS) for a domain in Plesk for Linux and Windows servers?

For Linux:

  1. Log in to Plesk.
  2. Go to Plesk > Domains > example.com > Hosting Settings and enable Permanent SEO-safe 301 redirect from HTTP to HTTPS.

  3. Go to Domains > example.com > Apache & nginx Settings and add the following custom value in the Additional headers section:

    Strict-Transport-Security: max-age=63072000; preload

    Note: The Strict-Transport-Security parameters are shown as an example only; the custom directive may vary depending on the site owner's needs.

For Windows:

  1. Enable Require SSL for the domain and all subdomains in Plesk > Domains > example.com > IIS Settings;
  2. Connect to the server via RDP;
  3. Go to IIS > ServerName > Sites > example.com > HTTP Response Headers > Add ...
  4. Fill in the fields as follows:

    Name: Strict-Transport-Security 
    Value: max-age=31536000; includeSubDomains; preload
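
To check a header value before or after applying it, the following Python script is an added example (not part of the original article or of Plesk) that parses a Strict-Transport-Security value and lists what keeps it from being valid or eligible for browser preload lists. The function names are assumptions made for this example; the preload conditions checked (max-age of at least 31536000 plus includeSubDomains) are the ones published by hstspreload.org.

```python
"""Parse a Strict-Transport-Security value and report preload-list eligibility."""
import http.client

MIN_PRELOAD_MAX_AGE = 31536000  # one year, the minimum hstspreload.org accepts


def parse_hsts(value):
    """Return (max_age, include_subdomains, preload) from an HSTS header value."""
    max_age, include_subdomains, preload = None, False, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive (RFC 6797)
        if name == "max-age":
            arg = arg.strip().strip('"')
            max_age = int(arg) if arg.isascii() and arg.isdigit() else None
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    return max_age, include_subdomains, preload


def audit_hsts(value):
    """List the reasons a header value is invalid or not preload-eligible."""
    max_age, include_subdomains, preload = parse_hsts(value)
    if max_age is None:
        return ["max-age missing or not a number: browsers ignore the header"]
    problems = []
    if max_age == 0:
        problems.append("max-age=0 tells browsers to forget the HSTS policy")
    if preload:  # preload lists only accept the header if both conditions hold
        if max_age < MIN_PRELOAD_MAX_AGE:
            problems.append("preload needs max-age >= 31536000")
        if not include_subdomains:
            problems.append("preload needs includeSubDomains")
    return problems


def fetch_hsts(host):
    """Return the HSTS header a live site sends over HTTPS, or None if absent."""
    conn = http.client.HTTPSConnection(host, timeout=10)
    conn.request("HEAD", "/")
    return conn.getresponse().getheader("Strict-Transport-Security")


if __name__ == "__main__":
    # The two values from this article; use fetch_hsts("example.com") for a live site.
    for value in ("max-age=63072000; preload",
                  "max-age=31536000; includeSubDomains; preload"):
        print(value, "->", audit_hsts(value) or "OK")
```

Run against the two values above, the script flags the Linux example because `preload` is present without `includeSubDomains`, while the Windows example passes.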