- # Enables HTTP Strict Transport Security (HSTS) which instructs browsers to
- # always request the resource over HTTPS, preventing a stripping/downgrade
- # attack.
-
- map $scheme $hsts_header {
- https max-age=31536000;
- }
-
- add_header Strict-Transport-Security $hsts_header;
|