9 lines
338 B
Text
9 lines
338 B
Text
set $hsts_header_value "";
|
|
|
|
# Only emit HSTS on HTTPS responses. This lets a single server block listen on
|
|
# both 80 and 443 without sending a meaningless STS header over plain HTTP.
|
|
if ($scheme = "https") {
|
|
set $hsts_header_value "max-age=31536000; includeSubDomains";
|
|
}
|
|
|
|
add_header Strict-Transport-Security $hsts_header_value always;
|