HSTS (HTTP Strict Transport Security) is a standard used by HTTP client applications to enforce the use of SSL communication between a site and the client. This module adds the appropriate headers to your Drupal site to trigger the HSTS on a supported client.

This module is for users who either can't change the web server configuration to include the necessary headers to enable HSTS or only want those headers for certain sites in a multi-site configuration. If you have the option to use your web server to add and manage the HSTS header data I recommend you do so. It'll save you a little extra PHP processing.

If not, then I hope this module helps you out.

For more information regarding HTTP Strict Transport Security see http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

Supporting organizations: 
Developer resources

Project information

  • caution Minimally maintained
    Maintainers monitor issues, but fast responses are not guaranteed.
  • caution Maintenance fixes only
    Considered feature-complete by its maintainers.
  • Module categories: Security
  • chart icon2,831 sites report using this module
  • shieldStable releases for this project are covered by the security advisory policy.
    Look for the shield icon below.