Articles on: cPanel

Enable HTTP Strict Transport Security (HSTS) in cPanel

HTTP Strict Transport Security (HSTS) is a tool in which a website tells browsers to use HTTPS for future requests. HSTS will force all requests to the current domain name to use https:// URL. When you enter a URL in the web browser, you skip the protocol part. For example, you type, not
The web server replies with a redirect (301 response code) that points to the HTTPS site. The browser makes an HTTPS connection to In addition, it strengthens SSL by preventing many common attacks against it (such as protocol attack and cookie hijacking).

To Enable HSTS or HTTP Strict Transport Security on your site, follow these steps

Login to your cPanel.

Click on File Manager at the Files section.

At the top-right side of the screen, click Settings.

Tick the Document Root radio button and select the domain name from the drop-down list for which HSTS needs to be enabled. Then, select the Show Hidden Files checkbox and click Save.

Navigate to the ~/public_html directory or the directory that your web files have been stored. Right-click on .htaccess file and click Edit.

Click Edit.

You can enable HSTS headers by adding the following line. Save your changes to the .htaccess file.

Header set Strict-Transport-Security: "max-age=31536000 ; includeSubDomains ;" env=HTTPS

Congratulations! HSTS is now enabled for your site.
If you need any further assistance, do contact us at

Updated on: 20/06/2022

Was this article helpful?

Share your feedback


Thank you!