
Ubuntu - PHP - Setting up HSTS in PHP

To test HSTS, create the following PHP files. Ensure the call to header() occurs before any other output.

Simply navigate to https://sharewiz.net/HSTS/enableHSTS.php and the browser will detect the HSTS header and flag the site as an HSTS host.

Make sure that you access the page using https://, as HSTS headers are ignored when sent over http:// for security reasons. You also need to ensure that your browser is HSTS compliant. If the policy causes any problems, you can either wait 10 minutes for the max-age directive to expire or navigate to the disableHSTS.php file to expire the policy immediately.

Enable HSTS

enableHSTS.php
<?php
// Must run before any output. max-age is in seconds: 600 = 10 minutes.
header("Strict-Transport-Security: max-age=600");
echo "<b>HSTS Enabled!</b>";

Disable HSTS

disableHSTS.php
<?php
// max-age=0 tells the browser to expire the stored HSTS policy immediately.
header("Strict-Transport-Security: max-age=0");
echo "<b>HSTS Disabled!</b>";
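The browser-side rules described above (header ignored over http://, max-age sets the lifetime, max-age=0 expires the policy) can be modelled in a few lines. This is an added example, not code from the original page; the function names parse_hsts and hsts_effect are hypothetical and the sample header values are constructed to match the two files.

```php
<?php
// Added example: models how an HSTS-compliant browser treats the header the
// two files above send. Function names are hypothetical, not a library API.

// Parse a Strict-Transport-Security value; returns null if it is invalid.
function parse_hsts(string $value): ?array
{
    $policy = ['max-age' => null, 'includeSubDomains' => false];
    $seen = [];
    foreach (explode(';', $value) as $part) {
        $part = trim($part);
        if ($part === '') { continue; }    // tolerate empty directives
        [$name, $arg] = array_pad(explode('=', $part, 2), 2, '');
        $name = strtolower(trim($name));   // directive names are case-insensitive
        if (isset($seen[$name])) {
            return null;                   // repeated directive: header is invalid
        }
        $seen[$name] = true;
        if ($name === 'max-age') {
            $arg = trim($arg, " \t\"");    // value may be a quoted string
            if (preg_match('/^[0-9]+\z/', $arg) !== 1) {
                return null;               // must be a non-negative integer
            }
            $policy['max-age'] = (int) $arg;
        } elseif ($name === 'includesubdomains') {
            $policy['includeSubDomains'] = true;
        }                                  // unknown directives are ignored
    }
    return $policy['max-age'] === null ? null : $policy;  // max-age is required
}

// What a compliant browser does with the header for a given URL scheme.
function hsts_effect(string $scheme, string $value): string
{
    if (strtolower($scheme) !== 'https') {
        return 'ignored: received over http://';
    }
    $policy = parse_hsts($value);
    if ($policy === null) {
        return 'ignored: invalid header';
    }
    return $policy['max-age'] === 0
        ? 'policy expired immediately'
        : "HSTS host for {$policy['max-age']} seconds";
}

// Constructed sample responses matching enableHSTS.php and disableHSTS.php.
foreach ([['https', 'max-age=600'], ['http', 'max-age=600'], ['https', 'max-age=0']] as [$s, $v]) {
    printf("%-5s %-12s => %s\n", $s, $v, hsts_effect($s, $v));
}
```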