I can not enable HSTS

#1

Attachments

Pong

Well-Known Member
Staff member
#4
For cpanel, LiteSpeed will use Apache configuration. you should choose "Using Apache Configs" Not "Using LSWS-Native Configs", basically add the following in .htaccess
Header always set Strict-Transport-Security "max-age=31536000"
 
#5
Got it!
I have several sites on my server and I can not add this policy to every .htaccess. Can you provide me information on how I can apply this across all sites?
 
#9
It's working, it's fantastic, thank you !!!!
But I was really wrong about how HSTS works. I thought that sites with HTTP would automatically be redirected to HTTPS versions. Could you tell me why this did not happen and how do I solve it?
 

Jon K

Administrator
Staff member
#10
HSTS just states to use HTTPS over HTTP once it is being used. If you still have links that force http:// then they will still go the insecure route. You will need to create rewrite rules to force requests http -> https.
 
Top