From 2d8e5e73408937d9939620ee8e7048ceb17743b8 Mon Sep 17 00:00:00 2001
From: dallaslu <dallaslu@noreply.forge.st>
Date: Fri, 5 Jun 2026 12:46:31 +0800
Subject: [PATCH] add hsts-preload

---
 ssl/hsts-preload.conf | 7 +++++++
 ssl/hsts.conf         | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 ssl/hsts-preload.conf

diff --git a/ssl/hsts-preload.conf b/ssl/hsts-preload.conf
new file mode 100644
index 0000000..0d29162
--- /dev/null
+++ b/ssl/hsts-preload.conf
@@ -0,0 +1,7 @@
+set $hsts_header_value "";
+
+if ($scheme = "https") {
+	set $hsts_header_value "max-age=31536000; includeSubDomains; preload";
+}
+
+add_header	Strict-Transport-Security $hsts_header_value always;
diff --git a/ssl/hsts.conf b/ssl/hsts.conf
index 0d29162..ffed12f 100644
--- a/ssl/hsts.conf
+++ b/ssl/hsts.conf
@@ -1,7 +1,7 @@
 set $hsts_header_value "";
 
 if ($scheme = "https") {
-	set $hsts_header_value "max-age=31536000; includeSubDomains; preload";
+	set $hsts_header_value "max-age=31536000; includeSubDomains";
 }
 
 add_header	Strict-Transport-Security $hsts_header_value always;