Security options and headers.

------------------------------------------------------------------------------------------------------------------------------------------------

HSTS

HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should interact with them only over secure HTTPS connections, and never via the insecure HTTP protocol.

HSTS can be enabled globally in the nginx.conf file, or on a per-site basis.

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;";
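
Added example (not part of the original page): a small Python check that parses a Strict-Transport-Security value using the rules of RFC 6797 section 6.1 and reports weak settings, run here against the value from the directive above. The function names and the one-year `min_age` threshold are assumptions made for this illustration.

```python
import re

# RFC 6797 section 6.1 rules applied here: directives are separated by ";",
# names are case-insensitive, empty directives (a trailing ";") are allowed,
# a directive may appear only once, and max-age is required.
# Simplification: splits on ";" without honouring ";" inside quoted strings.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def parse_hsts(value):
    """Parse an HSTS value; ValueError where a user agent would ignore it."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:  # empty directive, e.g. after a trailing ";"
            continue
        name, sep, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not _TOKEN.fullmatch(name):
            raise ValueError(f"malformed directive: {part!r}")
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form, e.g. max-age="300"
        seen[name] = arg if sep else None
    max_age = seen.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        raise ValueError("max-age is required and must be a non-negative integer")
    return {"max_age": int(max_age), "include_subdomains": "includesubdomains" in seen}


def audit(value, min_age=31536000):
    """Return a list of findings; min_age (one year) is an assumed site policy."""
    try:
        policy = parse_hsts(value)
    except ValueError as exc:
        return [f"header would be ignored per RFC 6797: {exc}"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells browsers to forget the HSTS policy")
    elif policy["max_age"] < min_age:
        findings.append(f"max-age {policy['max_age']} is below {min_age}")
    if not policy["include_subdomains"]:
        findings.append("subdomains are not covered")
    return findings


PAGE_VALUE = "max-age=63072000; includeSubdomains;"  # value from this page
```

`audit(PAGE_VALUE)` returns an empty list: the trailing `;` and the lowercase `d` in `includeSubdomains` are both accepted by the RFC grammar.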

------------------------------------------------------------------------------------------------------------------------------------------------