I can not enable HSTS




Well-Known Member
Staff member
For cpanel, LiteSpeed will use Apache configuration. you should choose "Using Apache Configs" Not "Using LSWS-Native Configs", basically add the following in .htaccess
Header always set Strict-Transport-Security "max-age=31536000"
Got it!
I have several sites on my server and I can not add this policy to every .htaccess. Can you provide me information on how I can apply this across all sites?
It's working, it's fantastic, thank you !!!!
But I was really wrong about how HSTS works. I thought that sites with HTTP would automatically be redirected to HTTPS versions. Could you tell me why this did not happen and how do I solve it?

Jon K

Staff member
HSTS just states to use HTTPS over HTTP once it is being used. If you still have links that force http:// then they will still go the insecure route. You will need to create rewrite rules to force requests http -> https.