From 3b66195deb2ea0ac0cf8542c82d91dfa5f3decdf Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Tue, 5 Oct 2021 01:13:52 +0200
Subject: [PATCH] make HSTS more strict & longer
---
 snippets/ssl_options.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/snippets/ssl_options.conf b/snippets/ssl_options.conf
index 01bb5e4..1dab1f5 100644
--- a/snippets/ssl_options.conf
+++ b/snippets/ssl_options.conf
@@ -10,6 +10,6 @@ ssl_dhparam /etc/ssl/certs/dhparam.pem;
 ssl_stapling on;
 ssl_stapling_verify on;
-add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 add_header X-Frame-Options DENY;
 add_header X-Content-Type-Options nosniff;
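Review bot: The `preload` token added to the Strict-Transport-Security line is undocumented, and in a shared snippet it makes every server block that includes this file advertise consent to be added to browsers' HSTS preload lists. Together with `includeSubDomains` and the one-year `max-age`, that commits every subdomain of each such host to serving valid HTTPS, and a preload entry is slow to undo because it ships inside browser builds. Which hosts include the snippet is not visible here, so I would confirm that each one, including internal or HTTP-only subdomains, is ready before merging. I would put a comment above the line, e.g. `# HSTS: 1 year, all subdomains, preload-eligible; confirm every subdomain serves HTTPS before submitting to a preload list`. Separately, nginx only inherits `add_header` from the enclosing level when the current level defines none, so any `location` with its own `add_header` will drop this header unless it re-includes the snippet.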