Merge pull request #87 from julianladisch/Header-always-add
authorAaron Zauner <azet@azet.org>
Fri, 12 Dec 2014 20:25:54 +0000 (21:25 +0100)
committerAaron Zauner <azet@azet.org>
Fri, 12 Dec 2014 20:25:54 +0000 (21:25 +0100)
HSTS Apache: Header always add/set

src/configuration/Webservers-legacy/Apache/000-default-ssl

index 20b7cd3..b731df8 100644 (file)
@@ -177,7 +177,7 @@ SSLStrictSNIVHostCheck off
        SSLHonorCipherOrder On
        SSLCompression off
        # Add six earth month HSTS header for all users...
-       Header add Strict-Transport-Security "max-age=15768000"
+       Header always set Strict-Transport-Security "max-age=15768000"
        # If you want to protect all subdomains, use the following header
        # ALL subdomains HAVE TO support HTTPS if you use this!
        # Strict-Transport-Security: max-age=15768000 ; includeSubDomains