Differences

This shows you the differences between two versions of the page.

--- php:setting_up_hsts_in_php [2016/10/10 22:40] – created peter
+++ php:setting_up_hsts_in_php [2019/11/29 16:20] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== PHP - Setting up HSTS in php ======
-To test HSTS create the following PHP files.  Ensure the call to header() occurs before any other output.
-Simply to navigate to https://sharewiz.net/HSTS/enableHSTS.php and my browser would detect the HSTS header and flag the site as a HSTS Host.
-Make sure when you access the page that you do so using **<nowiki>https://</nowiki>** as HSTS Headers will be ignored when sent over **<nowiki>http://</nowiki>** for security reasons.  You also need to ensure that your browser is HSTS compliant.  Then if it causes any problems for you you can either wait 10 minutes for the **max-age** directive to expire or navigate to the disableHSTS.php file to immediately expire the policy.
-===== Enable HSTS =====
-<file php enableHSTS.php>
-<?php header("strict-transport-security: max-age=600");
-echo "<b>HSTS Enabled!</b>";
-</file>
-===== Disable HSTS =====
-<file php disableHSTS.php>
-<?php header("strict-transport-security: max-age=0");
-echo "<b>HSTS Disabled!</b>";
-</file>