Remediation Steps

Follow the steps below to remediate this finding on Drupal.

  1. Install and enable the Security Kit (SecKit) module:

    composer require drupal/seckit
    drush en seckit

  2. Navigate to Admin > Configuration > System > Security Kit.

  3. Under the "HTTP Strict Transport Security" section, enable HSTS and set the max-age to 31536000.

  4. Enable "Include Subdomains" and "Preload" as needed.

  5. Save the configuration.
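
Once the configuration is saved, the response header can be checked from a shell to confirm that the settings from steps 3 and 4 are being served. This is an added example, not part of the SecKit module or the original page; the `check_hsts` helper, the sample response and the `site.example` hostname are constructed for illustration.

```shell
REQUIRED_MAX_AGE=31536000   # max-age value from step 3

# check_hsts (hypothetical helper): reads raw HTTP response headers on stdin.
# Returns 0 if HSTS is present with max-age >= REQUIRED_MAX_AGE,
#         1 if the header is absent,
#         2 if max-age is missing, malformed or too small.
check_hsts() {
  # Header names are case-insensitive; take the first matching header line.
  hsts_value=$(tr -d '\r' | grep -i '^strict-transport-security:' | head -n 1 | cut -d: -f2-)
  if [ -z "$hsts_value" ]; then
    echo "FAIL: no Strict-Transport-Security header in the response"
    return 1
  fi
  # Directives are ';'-separated and case-insensitive: put one per line,
  # lowercase them, and drop whitespace and optional quotes.
  hsts_dirs=$(printf '%s\n' "$hsts_value" | tr 'A-Z' 'a-z' | tr ';' '\n' | tr -d ' \t"')
  hsts_age=$(printf '%s\n' "$hsts_dirs" | sed -n 's/^max-age=\([0-9][0-9]*\)$/\1/p' | head -n 1)
  if [ -z "$hsts_age" ] || [ "$hsts_age" -lt "$REQUIRED_MAX_AGE" ]; then
    echo "FAIL: max-age is '${hsts_age:-missing}', expected at least $REQUIRED_MAX_AGE"
    return 2
  fi
  echo "OK: max-age=$hsts_age"
  # Step 4 makes these two optional, so report them without failing.
  for hsts_opt in includesubdomains preload; do
    if printf '%s\n' "$hsts_dirs" | grep -qx "$hsts_opt"; then
      echo "INFO: $hsts_opt is set"
    else
      echo "INFO: $hsts_opt is not set"
    fi
  done
  return 0
}

# Constructed sample response, so the check runs offline.
printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n\r\n' | check_hsts

# Against a live site (site.example is a placeholder hostname):
#   curl -sI https://site.example/ | check_hsts
```

Browsers only honor the header when it arrives over HTTPS, so run the live check against the `https://` URL rather than the plain HTTP one.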