HSTS (HTTP Secure Transport Security) for Apache credit to https://www.owasp.org

apache-hsts.conf

# Use HTTP Strict Transport Security to force client to use secure connections only
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"