====== Ubuntu - PHP - Setting up HSTS in php ====== To test HSTS create the following PHP files. Ensure the call to header() occurs before any other output. Simply to navigate to https://sharewiz.net/HSTS/enableHSTS.php and my browser would detect the HSTS header and flag the site as a HSTS Host. Make sure when you access the page that you do so using **https://** as HSTS Headers will be ignored when sent over **http://** for security reasons. You also need to ensure that your browser is HSTS compliant. Then if it causes any problems for you you can either wait 10 minutes for the **max-age** directive to expire or navigate to the disableHSTS.php file to immediately expire the policy. ===== Enable HSTS ===== HSTS Enabled!"; ===== Disable HSTS ===== HSTS Disabled!";