HTTP Strict Transport Security: Lighttpd

To enable HTTP Strict Transport Security (HSTS) in lighttpd, use the following config:

server.modules += ( "mod_setenv" )
# Send the header only on responses served over HTTPS
$HTTP["scheme"] == "https" {
    setenv.add-response-header  = ( "Strict-Transport-Security" => "max-age=31536000")
}

The max-age value is in seconds. Use 31536000 for 12 months or 63072000 for 24 months.

Adding includeSubDomains means that subdomains of the main domain should also be accessed over HTTPS (SSL/TLS).
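
To check what the server actually sends after the change, the header value can be parsed and compared against the max-age and includeSubDomains settings described above. The following is an added example, not part of the original page or of lighttpd; the function names parse_hsts and audit are hypothetical and the sample header values are constructed.

```python
ONE_YEAR = 31536000  # 12 months in seconds, the max-age used in the config above


def parse_hsts(value):
    """Parse a Strict-Transport-Security value; raise ValueError if it is invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives (";;") are permitted
        name, sep, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()  # names are case-insensitive
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # the value may be written as a quoted string
        if name in seen:
            raise ValueError("directive repeated: " + name)
        seen[name] = arg if sep else None
    if "max-age" not in seen:
        raise ValueError("max-age is required")
    age = seen["max-age"]
    if age is None or not (age.isascii() and age.isdigit()):
        raise ValueError("max-age must be a non-negative integer")
    if seen.get("includesubdomains") is not None:
        raise ValueError("includeSubDomains takes no value")
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}


def audit(value, min_age=ONE_YEAR, want_subdomains=False):
    """Return a list of findings; an empty list means the policy meets the bar."""
    try:
        policy = parse_hsts(value)
    except ValueError as exc:
        return ["invalid header: %s" % exc]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells browsers to drop the HSTS policy")
    elif policy["max_age"] < min_age:
        findings.append("max-age %d is below %d" % (policy["max_age"], min_age))
    if want_subdomains and not policy["include_subdomains"]:
        findings.append("includeSubDomains is missing")
    return findings


if __name__ == "__main__":
    # Constructed sample header values, not captured from a real server.
    for sample in ("max-age=31536000", "max-age=300; includeSubDomains", "includeSubDomains"):
        print(sample, "->", audit(sample, want_subdomains=True) or "ok")
```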
