Enable HSTS for all apache served SSL sites
authorTom Hughes <tom@compton.nu>
Thu, 11 Jan 2018 18:13:53 +0000 (18:13 +0000)
committerTom Hughes <tom@compton.nu>
Thu, 11 Jan 2018 18:23:31 +0000 (18:23 +0000)
cookbooks/apache/templates/default/ssl.erb

index a703b04c7a518c9e6e241315af11c86adc5033d9..7b16c1bbda3b1acb30979a08043c99891f4a6922 100644 (file)
@@ -15,3 +15,5 @@ SSLStaplingErrorCacheTimeout 60
 SSLStaplingReturnResponderErrors off
 SSLStaplingFakeTryLater off
 SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
+
+Header setifempty Strict-Transport-Security max-age=3600 env=HTTPS