Model

Hsts

Magento\Store\Model\HeaderProvider\Hsts

What it does

This class adds the HTTP Strict-Transport-Security (HSTS) header to responses, which instructs browsers to only access the site over HTTPS for a specified period (one year by default).

Developers use this to enhance security by preventing protocol downgrade attacks and cookie hijacking.

The header is only applied when HTTPS is enabled for both frontend and admin areas, and HSTS is explicitly enabled in store configuration.
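To confirm from the outside that the header described above is actually emitted, the following added example (not Magento's code) audits the headers of an HTTPS response against RFC 6797 parsing rules. The function names and sample headers are constructed for illustration, and the value `max-age=31536000` is assumed to correspond to the one-year default.

```python
import re

ONE_YEAR = 31536000  # seconds; the one-year default period described above

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns {directive: value}, or None if a browser would discard it."""
    policy = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        name, val = name.strip().lower(), val.strip()
        if not name:
            continue                      # empty directives are permitted
        if name in policy:
            return None                   # a directive may appear only once
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]               # quoted-string form, e.g. max-age="60"
        policy[name] = val if sep else None
    age = policy.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None                       # max-age is required and numeric
    policy["max-age"] = int(age)
    return policy

def audit_https_response(headers, min_age=ONE_YEAR):
    """headers: (name, value) pairs from one HTTPS response. [] means OK."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["header missing"]
    findings = ["header sent more than once; only the first is used"] if len(values) > 1 else []
    policy = parse_hsts(values[0])
    if policy is None:
        return findings + ["header invalid; browsers ignore it"]
    if policy["max-age"] == 0:
        findings.append("max-age=0 tells browsers to drop the HSTS policy")
    elif policy["max-age"] < min_age:
        findings.append("max-age shorter than %d seconds" % min_age)
    return findings

# Constructed sample responses (not captured from a real store).
SAMPLES = {
    "enabled": [("Content-Type", "text/html"), ("Strict-Transport-Security", "max-age=31536000")],
    "disabled": [("Content-Type", "text/html")],
    "short": [("strict-transport-security", "max-age=300; includeSubDomains")],
    "duplicate directive": [("Strict-Transport-Security", "max-age=31536000; max-age=0")],
}
if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", audit_https_response(hdrs) or "OK")
```

A "header missing" result on a store served over HTTPS points back to the conditions above: one of the two HTTPS settings or the HSTS setting is not enabled.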

Public Methods

  • canApply()