Skip to contents

Construct settings for the Strict-Transport-Security header

Source: R/SecurityHeaders_helpers.R
sts.Rd

This helper function exists mainly to document the possible values and prevent misspelled directives. It returns a bare list. See MDN for more information on the header

Usage

sts(max_age, include_sub_domains = NULL, preload = NULL)

Arguments

max_age

The maximum age the settings should be kept in the browser cache, in seconds. Recommended value is 63072000 (2 years)

include_sub_domains

Logical. Should subdomains be included in the policy

preload

Allow the settings to be cached and preloaded by a third-party, e.g. Google or Mozilla. Can only be set if include_sub_domains is TRUE and max_age is at least 31536000 (1 year)

Value

A bare list with the input arguments

Examples

# Default settings
sts(
  max_age = 63072000,
  include_sub_domains = TRUE
)
#> $max_age
#> [1] 63072000
#> 
#> $include_sub_domains
#> [1] TRUE
#> 
#> $preload
#> NULL
#>