Define minimal HSTS and CSP headers by default

Seravo / wordpress

The WordPress project layout used by many of Seravo's customers, suitable also for local development with Vagrant and git deployment

https://seravo.com

GNU General Public License v3.0

104 stars 53 forks source link

Define minimal HSTS and CSP headers by default #162

Closed ottok closed 3 years ago

ottok commented 3 years ago

Remove HTTPS redirect as it occasionally interferes with valid http request that e.g. want to validate certs via ACME HTTP method.

The HTTP->HTTPS redirect is anyway done by default WordPress itself to ensure canonical domains and in general redirects are better done in PHP anyway.