let the HSTS header be controlled by the management daemon so some domains can choose to enable preload

2026-03-05 15:57:23 +01:00 · 2015-09-08 21:20:13 +00:00
parent bd7a4dedc1
commit 93c2258d23
2 changed files with 15 additions and 1 deletions
--- a/conf/nginx-ssl.conf
+++ b/conf/nginx-ssl.conf
@@ -16,7 +16,9 @@
 #ssl_certificate_key /path/to/my-private-decrypted.key;

 # Tell browsers to require SSL (warning: difficult to change your mind)
-add_header Strict-Transport-Security max-age=31536000;
+# Handled by the management daemon because we can toggle this version or a
+# preload version.
+#add_header Strict-Transport-Security max-age=31536000;

 # Prefer certain ciphersuites, to enforce Forward Secrecy and avoid known vulnerabilities.
 #