Question
A security scan reports no HSTS support on cPanel ports such as 2087, 2096, and 2083. Does cpsrvd support HSTS?
Answer
Cpsrvd enforces SSL upgrades, regardless of the HSTS setting. This prevents TLS downgrade attempts, minimizing the need for HSTS headers.
At this time, there is no method to support HSTS on cpsrvd. You may submit a feature request as outlined here:
How to submit a feature request
If you are seeking information on how to add HSTS to Apache, please see below:
How to enable HSTS/Content Security Policy on a cPanel server.
Comments
0 comments
Article is closed for comments.