Recommended releases

Download Released

This module inserts an HTTP Strict Transport Security header into your Backdrop
site's pages. For more information regarding HTTP Strict Transport Security, see

This method of header insertion is useful for those who can't change their web
server's configuration to include the HSTS header.


  • Install this module using the official Backdrop CMS instructions at

  • Visit the configuration page under Administration > Configuration > Security >
    HTTP Strict Transport Security Settings (admin/config/security/hsts) and alter
    the default settings as desired.

  • If your server is behind an SSL terminated proxy, you can set the HSTS headers
    to be included on HTTP responses as well. Please be advised, however, that the
    HSTS specification states that the STS headers should only be included on
    secure connections.


Bugs and Feature requests should be reported in the Issue Queue:

Current Maintainers



This project is GPL v2 software. See the LICENSE.txt file in this directory for
complete text.