Enabling HSTS on nginx

If you want to enable HSTS on your nginx webserver, this is how you do it:

add_header Strict-Transport-Security "max-age=315360000; includeSubdomains";

You need to put this only on the https server, not on the http only server – it wont work on http only.


Leave a comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Notify me of followup comments via e-mail. You can also subscribe without commenting.