R0GGER · October 28, 2024 18:56 · jce-zz · May 7, 2024
diff --git a/_hsts.conf b/_hsts.conf
 {% if certificate and certificate_id > 0 -%}
 {% if ssl_forced == 1 or ssl_forced == true %}
 {% if hsts_enabled == 1 or hsts_enabled == true %}
  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security "max-age=63072000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
  add_header Referrer-Policy strict-origin-when-cross-origin; 
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Frame-Options SAMEORIGIN;
  add_header Content-Security-Policy upgrade-insecure-requests;
  add_header Permissions-Policy interest-cohort=();
  add_header Expect-CT 'enforce; max-age=604800';
  more_set_headers 'Server: Proxy';
  more_clear_headers 'X-Powered-By';
 {% endif %}
 {% endif %}
 {% endif %}
	{% if certificate and certificate_id > 0 -%}
	{% if ssl_forced == 1 or ssl_forced == true %}
	{% if hsts_enabled == 1 or hsts_enabled == true %}
	# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
	add_header Strict-Transport-Security "max-age=63072000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
	add_header Referrer-Policy strict-origin-when-cross-origin;
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Frame-Options SAMEORIGIN;
	add_header Content-Security-Policy upgrade-insecure-requests;
	add_header Permissions-Policy interest-cohort=();
	add_header Expect-CT 'enforce; max-age=604800';
	more_set_headers 'Server: Proxy';
	more_clear_headers 'X-Powered-By';
	{% endif %}
	{% endif %}
	{% endif %}