Hi,
I am just reading up on HSTS (HTTP Strict Transport Security) and notice
that there is nothing (that I can find) that mentions using it with pound.
From what I have read, it is basically as difficult as setting a
response header "Strict-Transport-Security", with max-age=desired-age as
a value, inside an https listener.
Is this a correct assumption, is that really enough to implement HSTS
when using a valid certificate or might it require changes on the
backend servers as well?
I guess the pound config should include something like this line:
AddHeader "Strict-Transport-Security:max-age=31536000"
/A
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
