1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Nginx: Is it fine to use "Strict-Transport-Security" on HTTP / port 80 block?

Discussion in 'Server Configuration and Hosting' started by RoldanLT, Jan 21, 2015.

  1. RoldanLT

    RoldanLT Well-Known Member

    I mean this:
    # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
      # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    Usually it is use on https / port 443 block.

    I just switch back from HTTPS to HTTP only last month.
    Now I want to clear up all browser cache for old visitors and always use HTTP only.
  2. RoldanLT

    RoldanLT Well-Known Member

    Never mind:

Share This Page