Commit 6c54a4ab authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review
Browse files

Merge "Bug 1734767: Add HTTP Strict Transport Security (HSTS) header"

parents 287814bc 56ff87df
...@@ -359,7 +359,9 @@ if (!defined('CLI')) { ...@@ -359,7 +359,9 @@ if (!defined('CLI')) {
header('X-XSS-Protection: 1; mode=block'); header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff'); header('X-Content-Type-Options: nosniff');
header('X-Permitted-Cross-Domain-Policies: master-only'); header('X-Permitted-Cross-Domain-Policies: master-only');
if (is_https()) {
header('Strict-Transport-Security: max-age=63072000');
// Don't print precise PHP version as an HTTP header // Don't print precise PHP version as an HTTP header
header_remove('x-powered-by'); header_remove('x-powered-by');
} }
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment