# Default to an empty value: nginx does not emit a header from add_header when
# its value is an empty string, so plain-HTTP responses carry no HSTS header.
set $hsts_header_value "";

# Keep the same HTTP/HTTPS guard as hsts.conf. The only difference is the
# preload token, which should be enabled only after the whole domain tree is
# known to be HTTPS-only.
#
# includeSubDomains extends the policy to every subdomain, and preload signals
# consent to be hard-coded into browser preload lists. Removal from those lists
# is slow, so a subdomain that still needs plain HTTP stays unreachable for
# browsers that honour the policy.
#
# NOTE(review): $scheme reflects the connection nginx itself accepted. If TLS
# is terminated in front of this server, $scheme is "http" and the header is
# never sent. Confirm how this file is deployed.
if ($scheme = "https") {
    # max-age is 31536000 seconds (365 days).
    set $hsts_header_value "max-age=31536000; includeSubDomains; preload";
}

# "always" adds the header regardless of the response status code, so error
# responses carry it too.
# add_header directives are inherited from the enclosing level only when the
# current level defines none of its own: a server or location block that sets
# any other add_header must include this file again, or its responses lose HSTS.
add_header Strict-Transport-Security $hsts_header_value always;