ubuntu:php:setting_up_hsts_in_php
Table of Contents
Ubuntu - PHP - Setting up HSTS in php
To test HSTS create the following PHP files. Ensure the call to header() occurs before any other output.
Simply to navigate to https://sharewiz.net/HSTS/enableHSTS.php and my browser would detect the HSTS header and flag the site as a HSTS Host.
Make sure when you access the page that you do so using https:// as HSTS Headers will be ignored when sent over http:// for security reasons. You also need to ensure that your browser is HSTS compliant. Then if it causes any problems for you you can either wait 10 minutes for the max-age directive to expire or navigate to the disableHSTS.php file to immediately expire the policy.
Enable HSTS
- enableHSTS.php
<?php header("strict-transport-security: max-age=600"); echo "<b>HSTS Enabled!</b>";
Disable HSTS
- disableHSTS.php
<?php header("strict-transport-security: max-age=0"); echo "<b>HSTS Disabled!</b>";
ubuntu/php/setting_up_hsts_in_php.txt · Last modified: 2020/07/15 09:30 by 127.0.0.1