Introduction
This article will detail the necessary steps to enable HSTS on a cPanel server.
Procedure
To enable HSTS, please use the below steps:
Log into WHM and click "Apache Configuration" - Home »Service Configuration »Apache Configuration.
Click on "Include Editor"
Click on the drop-down box under "Pre main include" and select "all versions"
Add the following information to the text box:
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=300; includeSubDomains; preload"
Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure"
Header always set X-Frame-Options "sameorigin"
Header setifempty Referrer-Policy: same-origin
Header set X-XSS-Protection "1; mode=block"
Header set X-Permitted-Cross-Domain-Policies "none"
Header set Referrer-Policy "no-referrer"
Header set X-Content-Type-Options: nosniff
</IfModule>
Click the blue "update" button
Click the blue "restart apache" button
Confirm that your site now has the strict-transport-security header using the following command:
read -p "Domain: " domain ; curl -s --head https://${domain}/ | egrep 'Strict-Transport-Security'
This will allow you to input the domain you would like to check; as an example, I will use 'hsts.com':
[root@test ~]# read -p "Domain: " domain ; curl -s --head https://${domain}/ | egrep 'Strict-Transport-Security'
Domain: hsts.com
Strict-Transport-Security: max-age=300; includeSubDomains; preload
Comments
0 comments
Article is closed for comments.