TwistAndShout

Active Member
Mar 2, 2021
Paris
cPanel Access Level
Root Administrator
Hello,

I have a red security score on webpagetest.org, as you can see here: WebPageTest Test Result - Paris - EC2 - Ch...mprunter-malin.com - 05/28/21 05:27:25.

In order to improve security, a developer has asked me to do the following:

1- Enable HSTS in Apache

OR :

Add the following code to your virtual hosts file:

Header always set Strict-Transport-Security max-age=31536000


2- Add HTTP security header

HTTP Strict Transport Security (HSTS)
X-Frame-Options
X-XSS-Protection
X-Content-Type-Options
Referrer-Policy
Feature-Policy

And this brings me to 2 questions:

1- I couldn't find how to enable HSTS in Apache in the docs. Is it possible from cPanel or WHM?

2- In which file exactly do I insert the HTTP security header?

More generally, if anyone has any suggestion on how to improve security as per webpagetest.org, I will be glad to listen.

Thanks in advance.
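
An added example, not part of the original post or of cPanel's documentation: a small Python check that reads a response's header block and reports the state of each of the six headers listed in the post, so a configuration change can be verified afterwards. The function names, the constructed sample response and the use of the post's max-age value (31536000) as the minimum are assumptions of this example.

```python
import re

REFERRER_VALUES = {  # policy tokens defined for Referrer-Policy
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url"}

def parse_headers(raw):
    """Parse a raw response header block into {lowercased-name: value}."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:  # the status line has no colon and is skipped
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw, min_hsts_age=31536000):
    """Return {header: finding} for the six headers listed in the post."""
    h, out = parse_headers(raw), {}
    hsts = h.get("strict-transport-security")
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
    out["Strict-Transport-Security"] = (
        "missing" if hsts is None else "no max-age" if not m
        else "max-age too short" if int(m.group(1)) < min_hsts_age else "ok")

    def check(name, valid):
        value = h.get(name.lower())
        out[name] = "missing" if value is None else (
            "ok" if valid(value) else "invalid value")

    check("X-Frame-Options", lambda v: v.upper() in {"DENY", "SAMEORIGIN"})
    check("X-Content-Type-Options", lambda v: v.lower() == "nosniff")
    check("X-XSS-Protection", lambda v: v[:1] in {"0", "1"})
    check("Referrer-Policy", lambda v: all(
        t.strip().lower() in REFERRER_VALUES for t in v.split(",")))
    # Feature-Policy was later renamed Permissions-Policy; accept either name.
    out["Feature-Policy"] = "ok" if (
        "feature-policy" in h or "permissions-policy" in h) else "missing"
    return out

# Constructed sample response (not captured from the site in the post).
SAMPLE = """HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Strict-Transport-Security: max-age=31536000
X-Frame-Options: ALLOWALL
X-Content-Type-Options: nosniff
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name}: {finding}")
```
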
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
cPanel Access Level
Root Administrator