Hi,
HSTS is a very strong security barrier that should be enabled on any WordPress website served over SSL/TLS. This snippet sets the HSTS header with a lifetime of one year (max-age=31536000) and applies it to all subdomains, so every subdomain must also be reachable over HTTPS. It also adds the preload directive; once the snippet is in your functions.php file, you can verify the result by visiting https://hstspreload.org/.
Add the following snippet to your functions.php, or add it via a Code Snippets plugin.
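// Send the HSTS header: one-year lifetime, all subdomains, preload directive.
function add_security_headers() {
    header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
}
// 'send_headers' fires while WordPress is sending its HTTP response headers.
add_action('send_headers', 'add_security_headers');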