diff options
| author | Frédéric Guillot <contact@fredericguillot.com> | 2014-02-21 19:45:55 -0500 |
|---|---|---|
| committer | Frédéric Guillot <contact@fredericguillot.com> | 2014-02-21 19:45:55 -0500 |
| commit | 94ce6f136419aa8b126017bc510f25b1b4d653af (patch) | |
| tree | 56af43930c0b173239a2e1af2c8f4977f6a0901d | |
| parent | f51aae9b16c5a80f97268f4ec2bbc206206c0b9d (diff) | |
Display HSTS headers only when HTTPS is used
| -rw-r--r-- | lib/response.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/response.php b/lib/response.php index e1b808bf..ceaf32c5 100644 --- a/lib/response.php +++ b/lib/response.php @@ -125,7 +125,9 @@ class Response public function hsts() { - header('Strict-Transport-Security: max-age=31536000'); + if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') { + header('Strict-Transport-Security: max-age=31536000'); + } } public function xframe($mode = 'DENY', array $urls = array()) |