To enable HTTP Strict Transport Security (HSTS) on an Apache server using a .htaccess file, you will need to add the
Strict-Transport-Security header. Here's how to do it:
Open the .htaccess file in the root directory of your website. If it doesn't exist, you can create one.
Add the following lines to your .htaccess file:
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
max-age=31536000 directive tells the browser to request this site over HTTPS for the next year (the time is in seconds). The
includeSubDomains directive applies this rule to all of the site's subdomains as well.
Please note that enabling HSTS will instruct browsers to only access your site via HTTPS. This will continue even if you remove the HSTS header from your .htaccess file. Therefore, ensure your site is properly configured for HTTPS before enabling HSTS.