This module inserts an HTTP Strict Transport Security header into your Backdrop site's pages. For more information regarding HTTP Strict Transport Security, see http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
This method of header insertion is useful for those who can't change their web server's configuration to include the HSTS header.
-
Install this module using the official Backdrop CMS instructions at https://backdropcms.org/guide/modules
-
Visit the configuration page under Administration > Configuration > Security > HTTP Strict Transport Security Settings (admin/config/security/hsts) and alter the default settings as desired.
-
If your server is behind an SSL terminated proxy, you can set the HSTS headers to be included on HTTP responses as well. Please be advised, however, that the HSTS specification states that the STS headers should only be included on secure connections.
Bugs and Feature requests should be reported in the Issue Queue: https://github.com/backdrop-contrib/hsts/issues
- Jerry Hudgins (https://github.com/jerry-hudgins/)
- Ported to Backdrop CMS by Jerry Hudgins (https://github.com/jerry-hudgins/).
- Originally written for Drupal by Mathew Winstone (https://github.com/minorOffense/).
This project is GPL v2 software. See the LICENSE.txt file in this directory for complete text.