BigW Consortium Gitlab

Commit 765eabea by Ben Bodenmiller

add HSTS Policy warning

Add warning about HSTS header as it means user will need to provide secure connection access to site for next 24 months from page view. See https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security for more details.
parent 4102eb3b
...@@ -83,6 +83,8 @@ server { ...@@ -83,6 +83,8 @@ server {
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
## [WARNING] The following header states that the browser should only communicate
## with your server over a secure connection for the next 24 months.
add_header Strict-Transport-Security max-age=63072000; add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment