caddy/snippets/security/hsts.snippet

0.3 KB · 8 lines · 2024-08-03 · 5e2a110

# caddy/snippets/security/hsts.snippet
# 1 year HSTS. includeSubDomains is safe because we own the whole
# home.arpa zone internally.

header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
header -Server