From bfae83019b01d7f6194407b8c2840c64d66f1fcb Mon Sep 17 00:00:00 2001
From: Sami Samhuri <sami@samhuri.net>
Date: Mon, 28 May 2018 18:47:36 -0700
Subject: [PATCH] add HSTS header

---
 public/.htaccess | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/public/.htaccess b/public/.htaccess
index ddb785a..3b03fdd 100644
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -23,6 +23,8 @@ ExpiresDefault A259200
   Header append Cache-Control "private, must-revalidate"
 </FilesMatch>
 
+# Add HSTS header https://tools.ietf.org/html/rfc6797
+Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
 
 ################
 ### Rewrites ###