function _seckit_hsts in Security Kit 7
Same name and namespace in other branches
- 6 seckit.module _seckit_hsts()
Sends HTTP Strict-Transport-Security header (HSTS).
The HSTS header prevents certain eavesdropping and MITM attacks such as SSLStrip. It forces the user agent to send requests in HTTPS-only mode; for example, http:// links are treated as https://.
Implementation of HSTS is based on the specification draft available at http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
1 call to _seckit_hsts()
- seckit_init in ./seckit.module - Implements hook_init().
File
- ./seckit.module, line 704 - Allows administrators to improve security of the website.
Code
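function _seckit_hsts() {
  $options = _seckit_get_options();
  // max-age is always sent; %d formats the configured value as an integer.
  $header[] = sprintf("max-age=%d", $options['seckit_ssl']['hsts_max_age']);
  // Optionally extend the policy to all subdomains.
  if ($options['seckit_ssl']['hsts_subdomains']) {
    $header[] = 'includeSubDomains';
  }
  // Optionally add the preload directive.
  if ($options['seckit_ssl']['hsts_preload']) {
    $header[] = 'preload';
  }
  // Join the directives with "; " and send the response header.
  $header = implode('; ', $header);
  drupal_add_http_header('Strict-Transport-Security', $header);
}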