Include HSTS support for fixed files like .css | WordPress.org

dredgie
(@dredgie)

1 year, 5 months ago

Hello, all – I’m trying to figure out why HSTS is only applied to .php and .HTML files. My security auditors are failing the site as .css is still unprotected.

location ~* .(php|html)$ {
add_header Strict-Transport-Security “max-age=31536000; includeSubDomains; preload”;
}

In the ‘location’ was not included, every file would be covered, as I understand. It looked like I could edit this (manual setup) but I couldn’t make any changes.

Anyone know what I’m missing, here?

Thank you!

The topic ‘Include HSTS support for fixed files like .css’ is closed to new replies.

Tags

css

0 replies
1 participant
Last reply from: dredgie
Last activity: 1 year, 5 months ago
Status: not resolved