HTTP Strict Transport Security (HSTS)
Hi,
I use “https://webbkoll.dataskydd.net/” to analyze my hosted website.
All is perfectly set and I am getting the best analysis results (also on SSL Labs).
My installation folder is like “www/wordpress”. My WP_CONFIG and .htaccess are located in the www folder. The .htaccess within “www/wordpress” is empty.
Within my .htaccess I use mod_headers.c but commented out the HSTS setting:
#Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Webbkoll is reporting: “max-age=15768000; includeSubDomains”
After activating the HSTS in my .htaccess, Webbkoll is reporting: “max-age=31536000; includeSubDomains; preload; max-age=15768000; includeSubDomains”. So it reports both: the default and my setting.
Meanwhile I checked the functions.php of my theme and all other .htaccess files within the wordpress folders without any hit.
Where do I manage the default HSTS setting (before I activate my definition within my .htaccess)? Where is the default setting “max-age=15768000; includeSubDomains” coming from?
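Added example (not part of the original post): a small Python check for the symptom reported above, where a response carries more than one Strict-Transport-Security value. The sample response is constructed from the two values quoted in the post, in the order the scanner listed them; the function names are hypothetical.

```python
# Constructed sample built from the two values in the post; not a capture
# of the poster's site.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n"
    "Strict-Transport-Security: max-age=15768000; includeSubDomains\r\n"
    "\r\n"
)

def sts_fields(raw_headers):
    """Return every Strict-Transport-Security field value, in wire order."""
    values = []
    for line in raw_headers.split("\r\n")[1:]:  # skip the status line
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            values.append(value.strip())
    return values

def parse_policy(value):
    """Parse one field value into a dict and list directives that repeat."""
    policy, repeated = {}, []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, arg = part.partition("=")
        key = key.strip().lower()
        if key in policy:
            repeated.append(key)  # keep the first occurrence only
            continue
        policy[key] = arg.strip().strip('"')
    return policy, repeated

def audit(raw_headers):
    """Summarise the HSTS fields: raw values, first policy, and findings."""
    fields = sts_fields(raw_headers)
    parsed = [parse_policy(v) for v in fields]
    findings = []
    if len(fields) > 1:
        findings.append(f"{len(fields)} Strict-Transport-Security fields; "
                        "RFC 6797 section 8.1: only the first is processed")
    for i, (_, repeated) in enumerate(parsed, 1):
        if repeated:
            findings.append(f"field {i} repeats: {', '.join(repeated)}")
    effective = parsed[0][0] if parsed else None
    return {"fields": fields, "effective": effective, "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE_RESPONSE))
```

Run against the header block of a real response (for example the output of `curl -sI`), it shows how many HSTS fields arrive and which one is first on the wire.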