Remediation Steps

Follow the steps below to remediate this finding on WordPress.

  1. Add the following to your theme's functions.php:

    // Send the HSTS header with every front-end response.
    add_action('send_headers', function() {
        header('Strict-Transport-Security: max-age=31536000; includeSubDomains; preload');
    });

  2. Alternatively, if using Apache, add to .htaccess:

    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    </IfModule>