diff options
author | Jonas Smedegaard <dr@jones.dk> | 2020-10-19 20:30:48 +0200 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2020-10-19 20:30:48 +0200 |
commit | 6f2789383d183f004329daf559dd2b9333fef3cc (patch) | |
tree | 5d8882d077c6302d9e404992e5391522e625010d /apache2/conf-available/security.conf.diff | |
parent | 369792f19ea16fa13f529e356c78da4b66ed7752 (diff) |
fix set HSTS header only with HTTPS
Diffstat (limited to 'apache2/conf-available/security.conf.diff')
-rw-r--r-- | apache2/conf-available/security.conf.diff | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apache2/conf-available/security.conf.diff b/apache2/conf-available/security.conf.diff index 5d80605..de9221a 100644 --- a/apache2/conf-available/security.conf.diff +++ b/apache2/conf-available/security.conf.diff @@ -43,6 +43,6 @@ +Header always set Referrer-Policy "no-referrer-when-downgrade" + +# enable Strict Transport Security -+Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=-n %{HTTPS}" ++Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=%{HTTPS} != 'off'" # vim: syntax=apache ts=4 sw=4 sts=4 sr noet |