path: root/apache2/conf-available/local-securityheaders.conf
Diffstat (limited to 'apache2/conf-available/local-securityheaders.conf')
-rw-r--r--apache2/conf-available/local-securityheaders.conf21
1 files changed, 21 insertions, 0 deletions
diff --git a/apache2/conf-available/local-securityheaders.conf b/apache2/conf-available/local-securityheaders.conf
index a72a25e..0930702 100644
--- a/apache2/conf-available/local-securityheaders.conf
+++ b/apache2/conf-available/local-securityheaders.conf
@@ -1,6 +1,27 @@
# Security headers
# More info: <https://securityheaders.com/>
+# enable HSTS
+# <http://www.debian-administration.org/articles/662>
+<IfDefine !_NO_HSTS>
+<IfDefine !_NO_HSTS_SUBDOMAINS>
+<IfDefine !_NO_HSTS_PRELOAD>
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains;preload"
+</IfDefine>
+<IfDefine _NO_HSTS_PRELOAD>
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+</IfDefine>
+</IfDefine>
+<IfDefine _NO_HSTS_SUBDOMAINS>
+<IfDefine !_NO_HSTS_PRELOAD>
+ Header add Strict-Transport-Security: "max-age=15768000;preload"
+</IfDefine>
+<IfDefine _NO_HSTS_PRELOAD>
+ Header add Strict-Transport-Security: "max-age=15768000"
+</IfDefine>
+</IfDefine>
+</IfDefine>
+
# Avoid Clickjack attacks
Header always set X-Frame-Options "SAMEORIGIN"