WebFaction
Community site: login faq

I'm trying to add the Strict-Transport-Security header to my site. I added the following line to .htaccess in the root:

Header add Strict-Transport-Security "max-age=15768000"

However I'm not seeing that header in the response from the server.

Is there a way to add this ? I guess I could add it in the application but then it wouldn't get served with static assets etc.

asked 27 Mar '14, 15:46

kevinburke
2711115
accept rate: 0%


We have explored this as a possibility in the past, it boils down to the fact mod_headers does not work with CGI scripts, it is a limitation of the module itself. You must set it in the application.

permanent link

answered 27 Mar '14, 23:14

johns
5.4k312
accept rate: 23%

What means "set it in the application" exactly?

(06 Jan '15, 20:01) ibobik

It means that you set the headers in your application code, instead of in the Apache configuration. For example, in PHP you could do this:

<?php
header('Strict-Transport-Security: max-age=15768000');
(06 Jan '15, 21:32) seanf
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×225
×69

question asked: 27 Mar '14, 15:46

question was seen: 6,618 times

last updated: 06 Jan '15, 21:32

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM