Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
If you have access to the server settings *(You are using a VPS or DEDICATED server) then you can enable it server-wide for all domains by adding the snippet to the /etc/apache2/conf.d/includes/pre_main_global.conf file
TIP: If you are using Apache and not LiteSpeed WebServer then you also need to restart the service for the new configuration to take effect.
If you are using Cloudflare, simply enable HTTP Strict Transport Security (HSTS) under SSL/TLS > Edge Certificates.
and on the next popup set: