By default site reach with http://, Once an SSL certificate is installed and the site can be reached via https:// appropriately, you might want to make it accessible via https:// by default. In other words, by typing domain.com in a web-browser, a user should be redirected to https://domain.com to access the site securely.
You can force an HTTPS connection on your website by adding these rules in your website’s .htaccess file. The file itself can be found if you go to cPanel >> File Manager. There, find the document root of your website. For primary cPanel domains, the folder is usually ‘public_html’. If the website is an add-on, you can look up its document root in Addon domains section.
When you find the folder, the .htaccess file may already be there. To double-check it, click Settings in the top-right corner and tick Show hidden files (dotfiles).
If you don’t find the .htaccess there, feel free to create it by clicking +File. Make sure to name the file .htaccess, starting with the dot.
To open the file, right-click it, then click Edit. A warning box will pop up, but click on Edit.
Paste the following code and save the file.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"
