Closed timwood closed 9 years ago
Attempts at configuring via .htaccess failed, likely do to Acquia hosting architecture/caching layer. Need to contact Acquia support or just use module.
I enabled the seckit module and the HSTS setting. Will be available on production on next release.
http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Configure via .htaccess:
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
This will likely cause all Acquia environments to enforce HSTS, which should actually be fine. Looking for a method to conditionally set the header via hostname, unsuccessfully.OR
Configure via drupal module: https://www.drupal.org/project/hsts https://www.drupal.org/project/seckit