⚠️ I no longer maintain this project. If you have access to the server, add these headers and redirections early on, before the request even reaches the application.
This hook will automatically redirect to the HTTPS version of your website and set the appropriate headers.
Make sure your base_url starts with https.
Copy /application/config/hooks.php into your application's folder.
If you have other hooks, copy the content of /application/config/hooks.php to your hooks.php file.
Enable hooks by modifying your /application/config/config.php, setting enable_hooks to TRUE:
/*
|--------------------------------------------------------------------------
| Enable/Disable System Hooks
|--------------------------------------------------------------------------
|
| If you would like to use the 'hooks' feature you must enable it by
| setting this variable to TRUE (boolean). See the user guide for details.
|
*/
$config['enable_hooks'] = TRUE;
The hook will:
- Redirect to the HTTPS version if accessed from a non-secure connection.
- Make cookies accessible only over HTTPS and not from JavaScript.
- Set the following headers:
Strict-Transport-Security: max-age=2629800
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
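To confirm that the hook behaves as listed above, a saved response head (for instance the output of curl -sI) can be checked offline. This is an added example, not part of this project; the function names and the sample response are constructed for illustration.

```python
# Added example: check a response head against the headers this README lists.
EXPECTED = {  # values copied from the README
    "strict-transport-security": "max-age=2629800",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin",
    "x-frame-options": "DENY",
    "x-xss-protection": "1; mode=block",
}

def parse_head(raw):
    """Return (status code, [(lower-cased name, value), ...]) of a raw response head."""
    lines = raw.replace("\r\n", "\n").strip().split("\n\n")[0].splitlines()
    headers = [(n.strip().lower(), v.strip())
               for n, _, v in (ln.partition(":") for ln in lines[1:])]
    return int(lines[0].split()[1]), headers

def audit_https(raw):
    """List deviations in a response that was fetched over HTTPS."""
    _, headers = parse_head(raw)
    findings = []
    for name, want in EXPECTED.items():
        got = [v for n, v in headers if n == name]
        if not got:
            findings.append(f"missing {name}")
        elif got[0].lower() != want.lower():
            findings.append(f"unexpected {name}: {got[0]}")
    for value in (v for n, v in headers if n == "set-cookie"):
        # Cookie attributes follow the first ';'; both flags must be present.
        attrs = {a.strip().split("=")[0].lower() for a in value.split(";")[1:]}
        findings += [f"cookie {value.split('=', 1)[0]} lacks {flag}"
                     for flag in ("secure", "httponly") if flag not in attrs]
    return findings

def audit_http(raw):
    """A request over plain HTTP must be answered with a redirect to https://."""
    status, headers = parse_head(raw)
    location = dict(headers).get("location", "")
    ok = status in (301, 302, 303, 307, 308) and location.lower().startswith("https://")
    return [] if ok else [f"no HTTPS redirect: status {status}, Location {location!r}"]

# Constructed sample: X-Frame-Options is absent and the cookie lacks Secure.
SAMPLE = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=2629800
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
X-XSS-Protection: 1; mode=block
Set-Cookie: ci_session=abc123; path=/; HttpOnly
"""
print(audit_https(SAMPLE))
```

An empty list from both functions means the response matches what the hook is supposed to send.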