147
edits
Changes
From SME Server
Jump to navigationJump to search
m
→Enabling HSTS: only serve HSTS header over HTTPS
Line 18:
Line 18:
### Enable HTTP Strict Transport Security, lifetime 6 months ###
### Enable HTTP Strict Transport Security, lifetime 6 months ###
− Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+ Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" env=HTTPS
The value of max-age is in seconds, so the value given corresponds to 6 months. After a client has visited your server using HTTPS once, it will always use HTTPS for subsequent visits within that timeframe. You may adjust this time if you wish. Press Ctrl-X to exit, and Y to save. Then, expand the template and restart your web server:
The value of max-age is in seconds, so the value given corresponds to 6 months. After a client has visited your server using HTTPS once, it will always use HTTPS for subsequent visits within that timeframe. You may adjust this time if you wish. Press Ctrl-X to exit, and Y to save. Then, expand the template and restart your web server:
