Enabling HSTS in Cpanel

ABOUT HSTS

HTTP Strict Transport Security (HSTS) instructs web browsers to only use secure connections for all future requests when communicating with a web site. Doing so helps prevent SSL protocol attacks, SSL stripping, cookie hijacking, and other attempts to circumvent SSL protection.

ENABLING HSTS

When HSTS is enabled for a site, web browsers automatically change any insecure requests (http://) to secure requests (https://). All you need to do to enable HSTS is add a header to your site's .htaccess file. Web browsers recognize this header, and then take care of the rest without any further intervention on your part.

To enable HSTS for your site, follow these steps:

  1. Using SSH or the cPanel File Manager, navigate to the ~/public_html directory.
  2. Use your preferred text editor to open the .htaccess file.
    If the .htaccess file does not already exist, create it.
  3. Copy the following line, and then paste it into the .htaccess file:
    Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
  4. Save your changes to the .htaccess file. HSTS is now enabled for your site.

    When the webserver sends this header, any browser that accesses the site over HTTPS will be unable to access the unsecured HTTP site for the specified length of time (in this case, 31,536,000 seconds, or one year). Therefore, as soon as you enable HSTS, you should not stop using SSL on your site. If you do, returning visitors will be unable to access your site.

MORE INFORMATION

For more information about HSTS, please visit https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

What DNS Nameservers should I use?

For your hosting at JUCRA Digital, please use the following nameservers. DNS NAME IP...

Why is my site running slow? Understanding CloudLinux LVE Resource Usage

Sometimes we are asked "why is my site running slow" or "why am I getting kicked out of my site"...

My site won't run on php 7+

You are reading this article because you have a website on our servers and when you switch to php...