Commit cdf8353a authored by Cecilia Vela Gurovic's avatar Cecilia Vela Gurovic Committed by Gerrit Code Review

Merge "Bug 1855561: Only set the Strict-Transport-Security header if needed"

parents 7577913f db53b4de
......@@ -375,7 +375,10 @@ if (!defined('CLI')) {
header('X-Content-Type-Options: nosniff');
header('X-Permitted-Cross-Domain-Policies: master-only');
if (is_https()) {
header('Strict-Transport-Security: max-age=63072000');
if (!preg_grep("/^Strict-Transport-Security/", headers_list())) {
// Set this header only if not already set by the server
header('Strict-Transport-Security: max-age=63072000');
}
}
// Don't print precise PHP version as an HTTP header
header_remove('x-powered-by');
......
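Review bot: The guard on the `preg_grep` line probably cannot see a header added by the web server configuration, since as far as I know `headers_list()` reports only headers queued through PHP, so the duplicate this change targets may still be sent in that setup. The pattern is also case-sensitive although HTTP header names are not; `if (!preg_grep("/^Strict-Transport-Security:/i", headers_list())) {` would also catch a differently cased header that was set earlier. I would reword the comment to match what the check can observe, for example `// Set this header only if PHP has not already queued it; headers added by the web server config are not visible here`. It is worth confirming on a deployment that sets HSTS in the server config that the response carries a single header with the intended max-age. The enclosing `if (!defined('CLI'))` block starts and ends outside this hunk.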