roles/nginx: Use stronger HSTS header
Include subdomains in the HTTP Strict Transport Security header, and include the "preload" verb to inform Google we want to be pre-loaded into the HSTS preload list. See: https://hstspreload.appspot.com/ Signed-off-by: Alan Orth <alan.orth@gmail.com>
parent
3a4e7455c7
commit
f9ea01ba8f
@ -69,7 +69,9 @@ server {
|
|||||||
|
|
||||||
{% if use_https == "yes" %}
|
{% if use_https == "yes" %}
|
||||||
# Enable this if you want HSTS (recommended, but be careful)
|
# Enable this if you want HSTS (recommended, but be careful)
|
||||||
add_header Strict-Transport-Security max-age=15768000 always;
|
# Include all subdomains and indicate to Google that we want this pre-loaded in Chrome's HSTS store
|
||||||
|
# See: https://hstspreload.appspot.com/
|
||||||
|
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload; always";
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
include extra-security.conf;
|
include extra-security.conf;
|
||||||
|
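Review bot: On the new `add_header` line, `always` sits inside the quoted value, so nginx reads it as part of the header text rather than as the `always` parameter the old line used. The header is then sent only on nginx's default set of success and redirect status codes, no longer on error responses, and the value carries a stray `always` directive. Move it outside the quotes: `add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;`. The comment above the header could also say that `includeSubDomains` with `preload` commits every subdomain of the host to HTTPS and is slow to undo once browsers ship the entry. The preload list's submission requirements, as far as I know, now ask for a max-age of at least one year, so 15768000 is worth checking against the linked site. The enclosing `server` block starts and ends outside the hunk.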