HSTS Header

Developer

JCOGS Design

3rd Party (Free)

5 downloads (last 90 days)

Download v1.0.0

EE Version Support

  • ExpressionEngine 3
  • ExpressionEngine 4

Compatibility

If an item is crossed out, it might be untested, not applicable or incompatible. Contact the developer to be sure.

  • Updater
  • Multi Site Manager
  • Stand Alone Entry Form
  • Low Variables
  • Content Elements
  • Better Workflow
  • Matrix
  • Grid
  • Webservice
  • Publisher

Requirements

  • jQuery for the Control Panel

Add-On Type(s)

Plugin

Tags

This plugin allows you to set the HTTP HSTS Header in a template.

Usage

{exp:hsts_header}

Example Usage

This is a single tag that will set the HSTS header to sensible default values or whatever you specify for the parameters available.
Simple usage

  {exp:hsts_header}
This will set the header using default values, equivalent to
    Header set Strict-Transport-Security “max-age=86400”

Advanced usage

  {exp:hsts_header max_age=“31415926” include_sub_domains=“yes” preload=“yes” env_https=“yes”}
This will set a header equivalent to
    Header set Strict-Transport-Security “max-age=31415926; includeSubDomains; preload” env=HTTPS

Parameters

  max_age= (value) - Sets the value for the max-age parameter, ignored if set to non-value (default max_age=“86400”)
  include_sub_domains= (yes/no) - Determines whether the includeSubDomains flag is set (default include_sub_domains=“no”)
  preload= (yes/no) - Determines whether the preload flag is set (default preload=“no”)
  env_https= (yes/no) - Determines whether the env parameter is set to https (default env_https=“no”)

More information

More information on the Strict-Transport-Security header from OWASP

Download HSTS Header

EE Support Downloads Add-On Version Release Date
3.1.0+ Download 1.0.0

HSTS Header Links

This entry was created October 24, 2018, 6:19 pm.
This entry was last updated November 15, 2018, 11:29 am.

Disclaimer: Information about ExpressionEngine add-ons is provided as a service to you, the user, and every member of the ExpressionEngine community. devot:ee is not responsible if you hose, mangle, wreck, or otherwise destroy your EE website by installing an add-on that you found out about at this site, regardless of its rating, Favorites status, commercial or free status, or general popularity. Caveat EEmptor!

Returns: devot:ee has a 30-day return policy on all commercial add-ons sold through devot-ee.com. If you need to return an add-on, do not go to the developer or the developer's site, but rather visit our returns page at https://devot-ee.com/returns to initiate your return. If you have questions, email support@devot-ee.com.

1 Review:

stefanos 10.25.18

Rating - {addon_rating_average}

Nice work for the security enchancement, redirecting HTTP requests to HTTPS.