Implementing HSTS in ApacheEnable

Implementing HSTS in Apache

Enable the headers module: HSTS is sent as an HTTP header,

sudo a2enmod headers
service apache2 restart in the terminal.
service apache2 restart

#Header set Strict-Transport-Security “max-age=31536000; includeSubDomains; preload”
Header set Strict-Transport-Security “includeSubDomains; preload; max-age=63072000”
#Header set X-XSS-Protection “1; mode=block”
Header set X-XSS-Protection “0”
Header always set X-Frame-Options “SAMEORIGIN”
Header always set X-Content-Type-Options “nosniff”
Header always set Referrer-Policy “strict-origin”
Header set Content-Security-Policy “upgrade-insecure-requests”

<IfModule mod_headers.c>
Header always set Permissions-Policy “geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=>
</IfModule>

Revisar

https://scan.really-simple-ssl.com/?domain=https://www.ejemplo.com

Moisesfotograaf

Openingstijden