From 8f8cb132fb805561a538c94e9f6ed809695bc8c9 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <tazjin@gmail.com>
Date: Sat, 21 Nov 2015 18:25:22 +0100
Subject: [varnish] Add HSTS header to every response

---
 varnish/default.vcl | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'varnish')

diff --git a/varnish/default.vcl b/varnish/default.vcl
index de08f4f646ff..ebf1854df855 100644
--- a/varnish/default.vcl
+++ b/varnish/default.vcl
@@ -30,8 +30,11 @@ sub vcl_backend_response {
         if (beresp.ttl < 1m) {
                 set beresp.ttl = 1m;
         }
+}
 
-        # Add an HSTS header to our response
+sub vcl_deliver {
+        # Add an HSTS header to everything
+        set resp.http.Strict-Transport-Security = "max-age=31536000;includeSubdomains;preload";
 }
 
 sub vcl_synth {
-- 
cgit 1.4.1