Enable HTTP Strict Transport Security (HSTS) in WordPress
Add the following code into your theme’s functions.php
/**
* Enables the HTTP Strict Transport Security (HSTS) header in WordPress.
*/
function tg_enable_strict_transport_security_hsts_header_wordpress() {
header( ‘Strict-Transport-Security: max-age=31536000’ );
}
add_action( ‘send_headers’, ‘tg_enable_strict_transport_security_hsts_header_wordpress’ );
Source:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security