• I would like to turn on HTTP Strict Transport Security on my WordPress blog. Unfortunately, I don’t have the ability to edit the httpd.conf file so I would like to have the PHP scripts themselves generate the Strict-Transport-Security header as outlined in this article:

    https://secure.wikimedia.org/wikipedia/en/wiki/Strict_Transport_Security

    Has this already been done somewhere in the code? I can’t find a settings control to turn it on, if so. What would be the best file to modify to insert this header?

Viewing 1 replies (of 1 total)
  • Thread Starter mccap

    (@mccap)

    Ok, this was a lot easier than I thought. I just put a few lines into index.php in the top level directory:


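    <?php
    // Treat the request as plain HTTP when HTTPS is unset, empty, or 'off'.
    if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
        // The third argument sets the 301 status; a 'Status-Code' header has no effect.
        header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301);
        exit;
    } else {
        // Browsers only honour HSTS on HTTPS responses, so send it here.
        header('Strict-Transport-Security: max-age=500');
        // ...rest of file...
    }
    ?>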
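
Added example, not part of the original post and not WordPress's own code: the same redirect-plus-HSTS logic packaged as a must-use plugin, so index.php stays unmodified. The file name `hsts.php`, the constant name and the one-year max-age are assumptions; the hooks and functions are standard WordPress APIs.

```php
<?php
/**
 * Added example: HSTS as a must-use plugin.
 * Assumed location: wp-content/mu-plugins/hsts.php (hypothetical file name).
 */

// Constructed value: one year in seconds. The post above used max-age=500.
const EXAMPLE_HSTS_MAX_AGE = 31536000;

// Redirect plain-HTTP front-end requests to HTTPS before any template output.
add_action('template_redirect', function () {
    if (is_ssl()) {
        return;
    }
    // Use the host from the site's configured URL rather than the
    // client-supplied Host header, so the redirect target cannot be spoofed.
    $host = wp_parse_url(home_url(), PHP_URL_HOST);
    $uri  = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
    wp_redirect('https://' . $host . $uri, 301);
    exit;
});

// Send the HSTS header only on responses served over HTTPS.
add_action('send_headers', function () {
    if (is_ssl() && !headers_sent()) {
        header('Strict-Transport-Security: max-age=' . EXAMPLE_HSTS_MAX_AGE);
    }
});
```

Behind a TLS-terminating proxy, `is_ssl()` can report false for requests that reached the proxy over HTTPS, which would make the redirect loop; confirm it returns true on an HTTPS request before enabling this.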

  • The topic ‘HTTP Strict Transport Security’ is closed to new replies.