Impossible to disable HSTS header

  • Resolved Synchro

    (@synchro)


    8 years, 5 months ago

    Ninja firewall has an option to set the Strict-Transport-Security header, however when it is set to “no”, it still sets the header but with a 0 max-age. This is useful for resetting HSTS, but that’s not what I want to do. I’m setting the HSTS header in my nginx config server-wide across multiple sites, so I don’t want Ninja firewall to set it at all. It would be better if the 0 option was under ‘yes’, along with the other duration options, and the ‘no’ option disabled it entirely.

    https://wordpress.org/plugins/ninjafirewall/

Viewing 1 replies (of 1 total)
  • Plugin Author nintechnet

    (@nintechnet)

    8 years, 5 months ago

    This was fixed in v1.8 which will be available later this week or early next week. See changelog here.

    We added a “Set max-age to 0” option to reset HSTS, and changed the current “No” so that it does not return anything.

Viewing 1 replies (of 1 total)
  • The topic ‘Impossible to disable HSTS header’ is closed to new replies.