Configure HTTP Strict Transport Security (HSTS) on Apache2

Enable Apache2 Headers Module

sudo a2enmod headers

Enabling HSTS for Apache2

sudo nano 000-default-le-ssl.conf
<VirtualHost *:443>
  Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
  # or 
  Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
</VirtualHost>

Leave a Comment

Your email address will not be published. Required fields are marked *