Last modified: 2014-11-10 15:47:12 UTC
[[HTTP Strict Transport Security]] header should be sent by MediaWiki.
This will seemingly also require some server side configuration for it to be enabled on WMF projects
(In reply to comment #1) > will also require some server side configuration on WMF projects Covered in bug 38516
The extension HSTS https://www.mediawiki.org/wiki/Extension:HSTS does exactly this (adding STS header) with some possibility to customise it per user, by means of BetaFeature if it is installed or a classical preference else. Does it answer to the bug, or should it stay open to discuss about adding HSTS in MediaWiki core? (for the Wikimedia sites, see bug 38516.)