Issue #12881: Support Strict-Transport-Security header

See http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security for a full description of what this header achieves.
mantisbt · Mar 25, 2011 · 583cdbd · 583cdbd
1 parent 0cb72b7
commit 583cdbd
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/core/http_api.php b/core/http_api.php
@@ -150,6 +150,9 @@ function http_security_headers() {
 			}
 		}
 		header( "X-Content-Security-Policy: allow 'self';$t_avatar_img_allow; frame-ancestors 'none'" );
+		if ( isset( $_SERVER['HTTPS'] ) && ( utf8_strtolower( $_SERVER['HTTPS'] ) != 'off' ) ) {
+			header( 'Strict-Transport-Security: max-age=7776000' );
+		}
 	}
 }