Enable HTTP Strict Transport Security (HSTS) in cPanel.

HTTP Strict Transport Security (HSTS) is a security feature that ensures all connections to your website are made securely through HTTPS. HSTS forces all requests to your domain to use the https:// URL. When users enter a website address in the browser, they often omit the protocol for example, typing www.gbnetwork.my instead of http://www.gbnetwork.my. With HSTS enabled, the browser will automatically redirect these requests to HTTPS without relying on manual redirection or 301 responses from the server.

By enforcing secure connections, HSTS strengthens your SSL configuration and helps protect your website from common security threats such as protocol downgrade attacks and cookie hijacking, ensuring a safer browsing experience for your users.

This guide will walk you through to enable HTTP Strict Transport Security (HSTS) in cPanel.

1. Login to your cPanel.

2. In the search bar, search for File Manager and click on it.

3. At the top-right side of the screen, click Settings.

4. Tick the Document Root radio and select the domain name from the drop-down list for which HSTS needs to be enabled. Then, select the Show Hidden Files checkbox and click Save.

5. Navigate to the ~/public_html directory or the directory that your web files have been stored. Right-click on .htaccess file and click Edit.

6. Then, click Edit to proceed.

7. You can enable HSTS headers by adding the following line. Save your changes to the .htaccess file.

Header set Strict-Transport-Security: "max-age=31536000 ; includeSubDomains ;" env=HTTPS

If you face any issues or need assistance, don’t hesitate to reach out — our support team is always ready to help!

🔧 Need help? Submit a Support Ticket

💬 Chat with us on Live Chat via our website

Updated on: 21/11/2025