HSTS Apache: Header always set
author julianladisch <julianladisch@users.noreply.github.com>
Fri, 12 Dec 2014 14:58:02 +0000 (15:58 +0100)
committer julianladisch <julianladisch@users.noreply.github.com>
Fri, 12 Dec 2014 14:58:02 +0000 (15:58 +0100)
Redirections and "Forbidden" pages should also get HSTS.

src/configuration/Webservers/Apache/default-ssl

index 91536f8..9ada2e0 100644 (file)
        SSLHonorCipherOrder On
        SSLCompression off
        # Add six earth month HSTS header for all users...
-       Header set Strict-Transport-Security "max-age=15768000"
+       Header always set Strict-Transport-Security "max-age=15768000"
        # If you want to protect all subdomains, use the following header
        # ALL subdomains HAVE TO support HTTPS if you use this!
        # Strict-Transport-Security: "max-age=15768000 ; includeSubDomains"
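
Review bot: The commented-out includeSubDomains example on the last line of this hunk is still written as a raw response header (`Strict-Transport-Security: "max-age=15768000 ; includeSubDomains"`) rather than as a mod_headers directive, and it does not carry the `always` condition that the changed line now uses. Anyone adapting it has to work out the directive form themselves and may write plain `Header set`, which brings back the gap the commit message describes for redirections and "Forbidden" pages. Suggest changing the comment to `# Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"` so the alternative mirrors the active line.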