From ffe7efef9616336e24276cf791e1bf5b7d556ebf Mon Sep 17 00:00:00 2001
From: Michael Kroes <michael@kroes.email>
Date: Wed, 29 Jun 2016 08:33:41 +0200
Subject: [PATCH] Add HSTS to the control panel headers

---
 conf/nginx-primaryonly.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/conf/nginx-primaryonly.conf b/conf/nginx-primaryonly.conf
index 55c80eba..eb446251 100644
--- a/conf/nginx-primaryonly.conf
+++ b/conf/nginx-primaryonly.conf
@@ -9,6 +9,7 @@
 		add_header X-Frame-Options "DENY";
 		add_header X-Content-Type-Options nosniff;
 		add_header Content-Security-Policy "frame-ancestors 'none';";
+		add_header Strict-Transport-Security max-age=31536000;
 	}
 
 	# ownCloud configuration.