How to enable HSTS/Content Security Policy on a cPanel server.

James Wright

October 15, 2020 19:52
Updated

Introduction

This article will detail the necessary steps to enable HSTS/Content Security Policy on a cPanel server.

Procedure

To enable HSTS/Content Security Policy, please use the below steps:

Log into WHM and click on "Apache Configuration" - Home »Service Configuration »Apache Configuration.

Click on "Include Editor"

Click on the drop-down box under "Pre main include" and select "all versions"

Add the following information to the text box:

Header always set Strict-Transport-Security "max-age=300; includeSubDomains; preload"

Click the blue "update" button

Click the blue "restart apache" button

Confirm that your site now has the strict-transport-security header:

curl -IL hsts.com
HTTP/1.1 200 OK
Date: Sun, 20 Sep 2020 23:29:31 GMT
Server: BNI
Strict-Transport-Security: max-age=300; includeSubDomains; preload
Content-Type: text/html;charset=ISO-8859-1

Articles in this section

How to enable HSTS/Content Security Policy on a cPanel server.

Introduction

Procedure

Comments

Articles in this section

Introduction

Procedure

Related articles