How to set HSTS headers in functions.php

In cases where .htaccess changes is not possible¬†and there’s a WordPress in use the HSTS headers can be set using the following function:


add_action( 'send_headers', 'mo_strict_transport_security' );
function mo_strict_transport_security() {
header( 'Strict-Transport-Security: max-age=15552001; includeSubDomains; preload' );
}

The header format may vary, more details here.

Leave a Reply