How to Use the Force HTTPS Redirect in cPanel

What is HTTPS and why should you use it?


HTTPS, displayed as a padlock icon in the web browser bar, indicates the SSL protocol is being used to send data between a web server and a website. Any website, especially those that require login credentials, sensitive data, should use HTTPS.


How does HTTPS redirection work?

Let’s say that you’ve just installed an SSL on your website, whether through our one-click Let’s Encrypt installer or one that you’ve purchased through your Client Area.

The force HTTPS redirect feature in cPanel allows you to automatically redirect visitors to the secure version of your website.


How to force HTTP to HTTPS redirect in cPanel?

Watch the tutorial on Youtube up.

Or follow the text-based tutorial:

1. Go ahead and log in to cPanel.

2. Once you are in the cPanel dashboard, scroll down to the “Domain” section and click on the Domain icon.


cPanel > Domains


Then the domains interface will appear where you will see a list of all the domains on your cPanel account. You’ll see the “Force HTTPS Redirect” column.

3. Let’s locate the domain that you wish to redirect to https and set the appropriate force HTTPS redirect toggled to on.

A success message will appear.

You can toggle several of your domains to enable or disable forced HTTPS redirects with the option at the top of the table. Just select the checkbox for each domain, and then select whether you want to toggle them all on or off.

4. Now let’s go back and access your website. Notice how it redirects us to the secure version, and we see a secure lock symbol in the location bar.

This means we’re using a secure connection to the site.


How to force HTTP to HTTPS redirect for Addon Domains?

There’s one other aspect that you need to know about this feature – Addon and parked domains inherit their settings from their associated domains.

1. Let’s click the gear icon and then click “Show Associated subdomains”

2. The associated subdomain for that addon domain will appear. Set the appropriate force HTTPS redirect toggled to on. A success message will appear.

In our example, we have forced HTTPS for domain.com which is added as an addon.

3. Now let’s go back and access your website. Notice how it redirects us to the secure version, and we see a secure lock symbol in the location bar.

That means we’re using a secure connection to the site.


Resolving SSL Mixed Content Warnings

Once doing the redirect from HTTP to HTTPS, if you are facing SSL mixed content warnings, you only need to add the following lines of code to your site’s .htaccess file:


<ifModule mod_headers.c>

Header always set Content-Security-Policy "upgrade-insecure-requests;"

</IfModule>


Now let’s go back and access your website. Notice how it redirects us to the secure version, and we see a secure lock symbol in the location bar.


As always, we’re here if you have any questions!

Was this article helpful?

Thanks for your opinion!
Have more questions? Submit a request
LastModified: November 7, 2021 2:30 pm