Changes

10 bytes added, 03:08, 20 March 2017
m
→‎Enabling HSTS: only serve HSTS header over HTTPS
Line 18: Line 18:     
  ### Enable HTTP Strict Transport Security, lifetime 6 months  ###
 
  ### Enable HTTP Strict Transport Security, lifetime 6 months  ###
  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" env=HTTPS
    
The value of max-age is in seconds, so the value given corresponds to 6 months.  After a client has visited your server using HTTPS once, it will always use HTTPS for subsequent visits within that timeframe.  You may adjust this time if you wish.  Press Ctrl-X to exit, and Y to save.  Then, expand the template and restart your web server:
 
The value of max-age is in seconds, so the value given corresponds to 6 months.  After a client has visited your server using HTTPS once, it will always use HTTPS for subsequent visits within that timeframe.  You may adjust this time if you wish.  Press Ctrl-X to exit, and Y to save.  Then, expand the template and restart your web server:
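Review bot: The changed directive still uses "Header always add", so if any other template fragment or virtual host also emits Strict-Transport-Security the response will carry the header twice; using set instead of add on the same line (Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" env=HTTPS) replaces any existing value rather than appending. The unchanged paragraph below the directive explains only max-age, while the value also carries includeSubDomains and preload, which extend the policy to every subdomain and signal consent to browser preload lists; a sentence saying so, and noting that these are much harder to back out of than shortening max-age, belongs next to "You may adjust this time if you wish". It would also help to document a check after the restart that the header is present on an HTTPS response and absent on a plain HTTP one, since the env=HTTPS condition depends on that variable being set for the request.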