www.hkvforums.com


https://www.hkvforums.com/

HTTP Strict Transport Security (HSTS) Policy Not Enabled

https://www.hkvforums.com/viewtopic.php?t=58816

Page 1 of 1

HTTP Strict Transport Security (HSTS) Policy Not Enabled

Posted: Wed Apr 10, 2024 5:03 pm
by mishanian

Hi, I did penetration test and I got this error:

HTTP Strict Transport Security (HSTS) Policy Not Enabled

is there any simple way to add following line to .htaccess by PHPMaker (not manually that will be overwrite on each generate)

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>

of add the following to PHP header in all pages:

<?php
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
?>

Re: HTTP Strict Transport Security (HSTS) Policy Not Enabled

Posted: Wed Apr 10, 2024 6:34 pm
by arbei

You may make an extension to append code to the .htaccess file.

All times are UTC+08:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited