How to enable HSTS on WHM VPS servers…

  1. Log into WHM as the ‘root’ user.
  2. Navigate to “WHM / Service Configuration / Apache Configuration.”
  3. Click “Include Editor.”
  4. Select “All Versions” from the drop-down menu under “Pre-Main Include.”
  5. Add the following text.

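<IfModule mod_headers.c>
    # HSTS: one year, applied to all subdomains, flagged for preload lists
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    # Append HttpOnly and Secure to every cookie the server sets
    Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure"
    Header always set X-Frame-Options "sameorigin"
    # The later "Header set Referrer-Policy" line replaces this value, so responses carry no-referrer
    Header setifempty Referrer-Policy: same-origin
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Permitted-Cross-Domain-Policies "none"
    Header set Referrer-Policy "no-referrer"
    Header set X-Content-Type-Options: nosniff
</IfModule>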

  6. Click the “Update” button.
  7. Click the “Restart Apache” button.

How can I determine whether my VPS Dedicated Server (WHM) has HSTS enabled or disabled?

On a Linux server, you can use the following command to check whether HSTS is enabled:

curl -s -D- https://lighting-by-gabrielli.co.uk/ | grep -i Strict

It will show output like:

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

That means HSTS is enabled on the server.

You can also verify by using an external tool, which displays whether or not HSTS is enabled graphically.

https://www.ssllabs.com/ssltest/analyze
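
The grep above only shows that the header is present. The following added example (not part of the original article) parses the header's directives and compares them with the policy configured in the Pre-Main Include. The function name `check_hsts`, its return codes and the sample headers are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# check_hsts: read raw HTTP response headers on stdin, print a verdict, and
# return 0 = matches the policy above, 2 = HSTS on but weaker, 1 = HSTS off.
check_hsts() {
    local want=31536000 line dirs max_age missing=""
    # Header names are case-insensitive; browsers honour only the first STS header.
    line=$(tr -d '\r' | grep -i '^strict-transport-security:' | head -n 1) || true
    if [ -z "$line" ]; then
        echo "FAIL: no Strict-Transport-Security header"; return 1
    fi
    # Lower-case the value, drop whitespace and quotes, one directive per line.
    dirs=$(printf '%s\n' "${line#*:}" | tr 'A-Z' 'a-z' | tr -d ' \t"' | tr ';' '\n')
    max_age=$(printf '%s\n' "$dirs" | sed -n 's/^max-age=\([0-9][0-9]*\)$/\1/p' | head -n 1)
    if [ -z "$max_age" ] || [ "$max_age" -eq 0 ]; then
        # max-age=0 tells browsers to forget the HSTS policy for this host.
        echo "FAIL: max-age missing or zero"; return 1
    fi
    [ "$max_age" -ge "$want" ] || missing="$missing max-age>=$want"
    printf '%s\n' "$dirs" | grep -qx 'includesubdomains' || missing="$missing includeSubDomains"
    printf '%s\n' "$dirs" | grep -qx 'preload' || missing="$missing preload"
    if [ -n "$missing" ]; then
        echo "WARN: HSTS enabled (max-age=$max_age) but missing:$missing"; return 2
    fi
    echo "OK: max-age=$max_age; includeSubDomains; preload"
}

# Constructed sample of what `curl -s -D- -o /dev/null https://<your-domain>/` prints.
SAMPLE_HEADERS='HTTP/1.1 200 OK
Content-Type: text/html
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Frame-Options: sameorigin'

printf '%s\n' "$SAMPLE_HEADERS" | check_hsts
```

Against a live site, pipe the curl output straight into the function: `curl -s -D- -o /dev/null https://<your-domain>/ | check_hsts`.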

How to check the TLS version on a Plesk server

You can use the link below to check which TLS versions are enabled on a Plesk server.

https://www.cdn77.com/tls-test

Browse to this URL and enter your domain name.

For example: https://xyz.co.uk/

How to check the TLS version on WHM

1. Log in to your WHM account.

2. In the WHM search bar, search for Apache Configuration, then open Global Configuration.

3. Here, look for the SSL/TLS protocols field and enter:

4. After that, click the SAVE button.

5. Click the Rebuild Configuration and Restart Apache buttons to apply the TLS changes.

To test the enabled protocols, use the SSL tool from https://www.ssllabs.com/ssltest/

The TLS status prior to enabling TLS version 1.3:

[Image: TLS 1.3 not enabled]

The TLS status after enabling TLS version 1.3. As you can see, now both TLS 1.2 and 1.3 are enabled on the server:

[Image: TLS 1.3 enabled]