Subdomain doesn’t support HSTS (SEO audit) in WordPress

Moving your site to HTTPS is not a nice SEO bonus. However, HSTS is a way to tell the browser that it should only connect to the site over an encrypted connection.
But HSTS is a bit difficult from a security standpoint, as the browser needs to have communicated with the site before it can know that the site uses HSTS.
Before we go on, you should know that this approach targets the send_headers action hook, which is used to add additional headers to your outgoing HTTP responses. Make sure that your site has a functioning SSL certificate for this implementation to work.
Paste the following into functions.php in your child theme.

/**
 * Enables the HTTP Strict Transport Security (HSTS) header in WordPress.
 */
function wps_enable_strict_transport_security_hsts_header_wordpress() {
    header( 'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload' );
}

add_action( 'send_headers', 'wps_enable_strict_transport_security_hsts_header_wordpress' );
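
To confirm which hosts actually send the policy (the snippet only adds the header to responses generated by the WordPress install it is pasted into), the following added example, which is not part of the original post, parses a Strict-Transport-Security value and compares it with the policy set above. The host names and response headers are constructed samples, and the function names are hypothetical.

```python
# Policy the snippet above sends: one year, all subdomains, preload.
REQUIRED_MAX_AGE = 31536000

def parse_hsts(value):
    """Parse a header value into {directive: value-or-None}; None if malformed."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:       # a repeated directive invalidates the header
            return None
        directives[name] = arg.strip().strip('"') if sep else None
    max_age = directives.get("max-age")
    if max_age is None or not (max_age.isascii() and max_age.isdigit()):
        return None                  # max-age is mandatory and must be numeric
    directives["max-age"] = int(max_age)
    return directives

def audit(host, headers):
    """Return a list of findings for one host's response headers (empty = OK)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("strict-transport-security")
    if raw is None:
        return [f"{host}: no Strict-Transport-Security header"]
    policy = parse_hsts(raw)
    if policy is None:
        return [f"{host}: malformed header {raw!r}"]
    findings = []
    if policy["max-age"] < REQUIRED_MAX_AGE:
        findings.append(f"{host}: max-age {policy['max-age']} is below {REQUIRED_MAX_AGE}")
    for flag in ("includesubdomains", "preload"):
        if flag not in policy:
            findings.append(f"{host}: missing {flag}")
    return findings

# Constructed sample responses (not real hosts).
SAMPLES = {
    "example.test": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"},
    "shop.example.test": {"Content-Type": "text/html"},
    "blog.example.test": {"strict-transport-security": "max-age=300"},
}

if __name__ == "__main__":
    for host, hdrs in SAMPLES.items():
        print(host, audit(host, hdrs) or "OK")
```

In practice the `headers` dictionary would come from an HTTPS response for each host and subdomain the audit lists.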
