Question
A security scan reports no HSTS support on cPanel ports such as 2087, 2096, and 2083. Does cpsrvd support HSTS?
Answer
cpsrvd enforces SSL upgrades, regardless of the HSTS setting. This prevents TLS downgrade attempts, minimizing the need for HSTS headers.
At the time this article was written, there is no method to support HSTS on cpsrvd. We do have an existing feature request to have this functionality added:
Enable HSTS on cPanel / WHM interface | cPanel Feature Requests
We encourage you to vote on the above feature request to bring it to cPanel developers' attention. The more votes that a feature request receives, the more likely the functionality will be added to a future version of the cPanel software.
If you are seeking information on how to add HSTS to Apache, please see below:
How to enable HSTS/Content Security Policy on a cPanel server.