/** * Enables the HTTP Strict Transport Security (HSTS) header in WordPress. * Includes preloading with subdomain support. */ function tg_enable_strict_transport_security_hsts_header_wordpress() { header( 'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload' ); } add_action( 'send_headers', 'tg_enable_strict_transport_security_hsts_header_wordpress' );