Commit 56ff87df authored by Robert Lyon's avatar Robert Lyon
Browse files

Bug 1734767: Add HTTP Strict Transport Security (HSTS) header

When the site is an https site


Change-Id: Ic10204bc19f0dd729ac7a884423be4783a59749e
Signed-off-by: Robert Lyon's avatarRobert Lyon <>
parent b9ffa401
......@@ -359,7 +359,9 @@ if (!defined('CLI')) {
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('X-Permitted-Cross-Domain-Policies: master-only');
if (is_https()) {
header('Strict-Transport-Security: max-age=63072000');
// Don't print precise PHP version as an HTTP header
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment