Recommended releases

Download Links

This module inserts an HTTP Strict Transport Security header into your Backdrop
site's pages. For more information regarding HTTP Strict Transport Security, see
http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

This method of header insertion is useful for those who can't change their web
server's configuration to include the HSTS header.

Installation

  • Install this module using the official Backdrop CMS instructions at
    https://backdropcms.org/guide/modules

  • Visit the configuration page under Administration > Configuration > Security >
    HTTP Strict Transport Security Settings (admin/config/security/hsts) and alter
    the default settings as desired.

  • If your server is behind an SSL terminated proxy, you can set the HSTS headers
    to be included on HTTP responses as well. Please be advised, however, that the
    HSTS specification states that the STS headers should only be included on
    secure connections.

Issues

Bugs and Feature requests should be reported in the Issue Queue:
https://github.com/backdrop-contrib/hsts/issues

Current Maintainers

Credits

License

This project is GPL v2 software. See the LICENSE.txt file in this directory for
complete text.