Merge pull request #68 from DanielMarquard/patch-1

Removed includeSubDomains, and disable HSTS by default
Andy Dawson 2014-10-16 11:44:53 +02:00
commit ce3f354ff2
1 changed files with 3 additions and 2 deletions


@ -30,8 +30,9 @@ ssl_session_timeout 24h;
# Use a higher keepalive timeout to reduce the need for repeated handshakes
keepalive_timeout 300; # up from 75 secs default
# remember the certificate for a year and automatically connect to HTTPS
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
# HSTS (HTTP Strict Transport Security)
# This header tells browsers to cache the certificate for a year and to connect exclusively via HTTPS.
#add_header Strict-Transport-Security max-age=31536000;
# This default SSL certificate will be served whenever the client lacks support for SNI (Server Name Indication).
# Make it a symlink to the most important certificate you have, so that users of IE 8 and below on WinXP can see your main site without SSL errors.
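Review bot: The new comment above the commented-out add_header says the header tells browsers to "cache the certificate for a year", which is not what Strict-Transport-Security does; no certificate is cached. The browser remembers for max-age seconds (31536000, one year) that this host must only be reached over HTTPS. Suggest rewording to something like "This header tells browsers to connect exclusively via HTTPS for the next year." Since the directive is now disabled by default, the comment could also tell whoever uncomments it that the policy stays in effect in browsers for the full max-age even if the header is later removed, and that without includeSubDomains it applies only to the exact host that sent it.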