Diffstat (limited to 'apache2/conf-available/local-securityheaders.conf')
-rw-r--r-- | apache2/conf-available/local-securityheaders.conf | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/apache2/conf-available/local-securityheaders.conf b/apache2/conf-available/local-securityheaders.conf
index a72a25e..0930702 100644
--- a/apache2/conf-available/local-securityheaders.conf
+++ b/apache2/conf-available/local-securityheaders.conf
@@ -1,6 +1,27 @@
 # Security headers
 # More info: <https://securityheaders.com/>
+# enable HSTS
+# <http://www.debian-administration.org/articles/662>
+<IfDefine !_NO_HSTS>
+<IfDefine !_NO_HSTS_SUBDOMAINS>
+<IfDefine !_NO_HSTS_PRELOAD>
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains;preload"
+</IfDefine>
+<IfDefine _NO_HSTS_PRELOAD>
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+</IfDefine>
+</IfDefine>
+<IfDefine _NO_HSTS_SUBDOMAINS>
+<IfDefine !_NO_HSTS_PRELOAD>
+ Header add Strict-Transport-Security: "max-age=15768000;preload"
+</IfDefine>
+<IfDefine _NO_HSTS_PRELOAD>
+ Header add Strict-Transport-Security: "max-age=15768000"
+</IfDefine>
+</IfDefine>
+</IfDefine>
+
 # Avoid Clickjack attacks
 Header always set X-Frame-Options "SAMEORIGIN" |
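Review bot: The four new `Header add Strict-Transport-Security` directives use the plain `add` form, so the header is only written to the success table and is not sent on error or redirect responses, and a second `add` elsewhere in the configuration would produce duplicate STS headers; the existing `Header always set X-Frame-Options "SAMEORIGIN"` context line uses `always set`, which is the form these should match (the trailing colon on the header name is also unnecessary and inconsistent with that line). Nothing in the hunk restricts the header to TLS responses, so if this conf is also active in a port-80 vhost the STS header goes out over plain HTTP, which RFC 6797 forbids; on Apache 2.4.10 or later each directive can be gated as `Header always set Strict-Transport-Security "max-age=15768000;includeSubdomains;preload" "expr=%{HTTPS} == 'on'"` (same change for the other three variants). Note also that `includeSubdomains` and `preload` are on by default unless `-D _NO_HSTS_SUBDOMAINS` / `-D _NO_HSTS_PRELOAD` is passed, so any HTTP-only subdomain will be broken for visitors, and the current preload-list submission rules require a max-age of at least one year, which the 15768000-second value does not meet; a comment such as `# preload requires max-age >= 31536000 and includeSubDomains; verify at hstspreload.org before submitting` would make that explicit.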