From 4e3cfead4621d97c74cb05c91496f4a7f1cd8db9 Mon Sep 17 00:00:00 2001
From: Michael Kroes <michael@kroes.email>
Date: Fri, 29 Jul 2016 15:01:40 +0200
Subject: [PATCH] Add HSTS to the control panel headers (#879)

---
 conf/nginx-primaryonly.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/conf/nginx-primaryonly.conf b/conf/nginx-primaryonly.conf
index 55c80eba..eb446251 100644
--- a/conf/nginx-primaryonly.conf
+++ b/conf/nginx-primaryonly.conf
@@ -9,6 +9,7 @@
 		add_header X-Frame-Options "DENY";
 		add_header X-Content-Type-Options nosniff;
 		add_header Content-Security-Policy "frame-ancestors 'none';";
+		add_header Strict-Transport-Security max-age=31536000;
 	}
 
 	# ownCloud configuration.