make HSTS more strict & longer

2021-10-05 01:13:52 +02:00 · 2021-10-05 01:13:52 +02:00 · 3b66195deb
commit 3b66195deb
parent c77fce86a8
1 changed files with 1 additions and 1 deletions
--- a/snippets/ssl_options.conf
+++ b/snippets/ssl_options.conf
@ -10,6 +10,6 @@ ssl_dhparam /etc/ssl/certs/dhparam.pem;
 ssl_stapling on;
 ssl_stapling_verify on;

-add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 add_header X-Frame-Options DENY;
 add_header X-Content-Type-Options nosniff;