====== Ubuntu - PHP - Setting up HSTS in php ======


To test HSTS create the following PHP files.  Ensure the call to header() occurs before any other output.

Simply to navigate to https://sharewiz.net/HSTS/enableHSTS.php and my browser would detect the HSTS header and flag the site as a HSTS Host. 

Make sure when you access the page that you do so using **<nowiki>https://</nowiki>** as HSTS Headers will be ignored when sent over **<nowiki>http://</nowiki>** for security reasons.  You also need to ensure that your browser is HSTS compliant.  Then if it causes any problems for you you can either wait 10 minutes for the **max-age** directive to expire or navigate to the disableHSTS.php file to immediately expire the policy. 


===== Enable HSTS =====


<file php enableHSTS.php>
<?php header("strict-transport-security: max-age=600");
echo "<b>HSTS Enabled!</b>";
</file>
 

===== Disable HSTS =====

<file php disableHSTS.php>
<?php header("strict-transport-security: max-age=0");
echo "<b>HSTS Disabled!</b>";
</file>