HTTP Strict Transport Security (HSTS) instructs web browsers to only use secure connections for all future requests when communicating with a web site. Doing so helps prevent SSL protocol attacks, SSL stripping, cookie hijacking, and other attempts to circumvent SSL protection.
To enable HSTS, you just need to create .htaccess and place the code inside
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
To check if the HSTS is working, you can use the checking tools here
If you see it was green on Strict-Transport-Security, then it was done correctly.
More detail info about HSTS : Wikipedia