Commit b5767b0f authored by Robert Lyon

Bug 1734767: Add HTTP Strict Transport Security (HSTS) header

When the site is an https site

behatnotneeded

Change-Id: Ic10204bc19f0dd729ac7a884423be4783a59749e
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit 56ff87df)
parent 1463b86d
......@@ -359,7 +359,9 @@ if (!defined('CLI')) {
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('X-Permitted-Cross-Domain-Policies: master-only');
if (is_https()) {
header('Strict-Transport-Security: max-age=63072000');
}
// Don't print precise PHP version as an HTTP header
header_remove('x-powered-by');
}
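Review bot: the `max-age=63072000` in the `Strict-Transport-Security` header inside the `if (is_https())` block is hard-coded at two years, with no site setting to lower or disable it. A browser that sees this header once will refuse plain HTTP to the host for that whole period, so a site that is served over https only temporarily (a test instance, or one that later reverts to http) becomes unreachable for returning visitors. Consider reading the value from a config option with this number as the default, and add a comment beside the header stating what the number means in days or years and whether leaving out `includeSubDomains` is deliberate.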
......