Enable HTTP Strict Transport Security (HSTS) in cPanel
HTTP Strict Transport Security (HSTS) is a tool in which a website tells browsers to use HTTPS for future requests. HSTS will force all requests to the current domain name to use https:// URL. When you enter a URL in the web browser, you skip the protocol part. For example, you type www.gbnetwork.my, not http://www.gbnetwork.my.
The web server replies with a redirect (301 response code) that points to the HTTPS site. The browser makes an HTTPS connection to www.gbnetwork.my. In addition, it strengthens SSL by preventing many common attacks against it (such as protocol attack and cookie hijacking).
To Enable HSTS or HTTP Strict Transport Security on your site, follow these steps
Login to your cPanel.
Click on File Manager at the Files section.
At the top-right side of the screen, click Settings.
Tick the Document Root radio button and select the domain name from the drop-down list for which HSTS needs to be enabled. Then, select the Show Hidden Files checkbox and click Save.
Navigate to the ~/public_html directory or the directory that your web files have been stored. Right-click on .htaccess file and click Edit.
Click Edit.
You can enable HSTS headers by adding the following line. Save your changes to the .htaccess file.
Congratulations! HSTS is now enabled for your site.
If you need any further assistance, do contact us at support@gbnetwork.my
The web server replies with a redirect (301 response code) that points to the HTTPS site. The browser makes an HTTPS connection to www.gbnetwork.my. In addition, it strengthens SSL by preventing many common attacks against it (such as protocol attack and cookie hijacking).
To Enable HSTS or HTTP Strict Transport Security on your site, follow these steps
Login to your cPanel.
Click on File Manager at the Files section.
At the top-right side of the screen, click Settings.
Tick the Document Root radio button and select the domain name from the drop-down list for which HSTS needs to be enabled. Then, select the Show Hidden Files checkbox and click Save.
Navigate to the ~/public_html directory or the directory that your web files have been stored. Right-click on .htaccess file and click Edit.
Click Edit.
You can enable HSTS headers by adding the following line. Save your changes to the .htaccess file.
Header set Strict-Transport-Security: "max-age=31536000 ; includeSubDomains ;" env=HTTPSCongratulations! HSTS is now enabled for your site.
If you need any further assistance, do contact us at support@gbnetwork.my
Updated on: 20/06/2022
Thank you!