is now secure

I went on a course of The Best TLS Training and thought I should implement what I learned on my domain. Previously, was Grade A on and Grade ‘F’ on

But special thanks to, I was able to make it Grade ‘A+’ on both security analyser websites.

It's very easy to do; I only spent 5 minutes to achieve this. You can do it too: even if you don’t have access to the nginx server, you can do it by passing headers in PHP like I did:

//If HTTPS is not found to be "on"
if (!isset($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != "on") {
    //Tell the browser to redirect to the HTTPS URL.
    //Note: HTTP_HOST is taken from the request's Host header, which the client supplies.
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    //Prevent the rest of the script from executing.
    exit;
}

header("strict-transport-security: max-age=31536000; includeSubDomains; preload");
header("X-Frame-Options: SAMEORIGIN");
header("X-Content-Type-Options: nosniff");
header("X-XSS-Protection: 1; mode=block");
header("Referrer-Policy: no-referrer");
header("Content-Security-Policy: upgrade-insecure-requests");

And if you want to go one step further, you can also submit your website to which will make all browsers always open your website in HTTPS, but be careful about it, as you can break things: your HTTP endpoints will stop working.
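To confirm that the headers set in the PHP snippet above actually reach the browser, the check below parses a raw response header block (for example the output of `curl -sI`) and reports every header that differs from the values the post sets. It is an added example, not the author's code; the function names and the sample response are constructed for illustration.

```python
import re

EXPECTED = {  # values the post sets; header names are matched case-insensitively
    "x-frame-options": "SAMEORIGIN",
    "x-content-type-options": "nosniff",
    "x-xss-protection": "1; mode=block",
    "referrer-policy": "no-referrer",
    "content-security-policy": "upgrade-insecure-requests",
}
MIN_HSTS_AGE = 31536000  # one year, the post's max-age

# Constructed sample response (not captured from the author's site).
WEAK = """HTTP/1.1 200 OK
strict-transport-security: max-age=300; includeSubDomains
X-Frame-Options: SAMEORIGIN"""

def parse_headers(raw):
    """Parse a raw response header block into {lowercased name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def parse_hsts(value):
    """Return (max_age or None, set of lowercased flag directives)."""
    max_age, flags = None, set()
    for part in (p.strip() for p in value.lower().split(";")):
        m = re.fullmatch(r'max-age="?(\d+)"?', part)
        if m:
            max_age = int(m.group(1))
        elif part:
            flags.add(part)
    return max_age, flags

def audit(raw):
    """Return findings; an empty list means the response matches the post."""
    h = parse_headers(raw)
    findings = [f"{n}: expected {w!r}, got {h.get(n)!r}" for n, w in EXPECTED.items()
                if h.get(n, "").lower() != w.lower()]
    max_age, flags = parse_hsts(h.get("strict-transport-security", ""))
    if max_age is None or max_age < MIN_HSTS_AGE:
        findings.append(f"strict-transport-security: max-age {max_age} below {MIN_HSTS_AGE}")
    findings += [f"strict-transport-security: missing {f}"
                 for f in ("includesubdomains", "preload") if f not in flags]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEAK)))
```

Run it against a page served over HTTPS, since the PHP above only sends a redirect on plain HTTP and exits before the other headers are set.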

