We are currently experiencing a higher than usual ticket volume, and as a result there may be delays before we can reply to your ticket.
Please feel free to reference the information available in our Forums, Documentation, and Knowledge Base in the meantime.

Skip to main content

How to enable HSTS on a cPanel server.

James Wright
  • Updated

Introduction

This article will detail the necessary steps to enable HSTS on a cPanel server.

 

Procedure

To enable HSTS, please use the below steps:

 

Log into WHM and click on "Apache Configuration" - Home »Service Configuration »Apache Configuration.

Click on "Include Editor"

Click on the drop-down box under "Pre main include" and select "all versions"

Add the following information to the text box:

 

Header always set Strict-Transport-Security "max-age=300; includeSubDomains; preload"

 

Click the blue "update" button

Click the blue "restart apache" button

Confirm that your site now has the strict-transport-security header using the following command:

 

read -p "Domain: " domain ; curl -s --head https://${domain}/ | egrep 'Strict-Transport-Security'

 

This will allow you to input the domain you would like to check, as an example, I will use 'hsts.com':

 

[root@test ~]# read -p "Domain: " domain ; curl -s --head https://${domain}/ | egrep 'Strict-Transport-Security'
Domain: hsts.com
Strict-Transport-Security: max-age=300; includeSubDomains; preload

Related articles

Comments

0 comments

Article is closed for comments.