Florian Obser wrote: > OK? > > diff --git httpd.conf.5 httpd.conf.5 > index b3eaad8..bfca29f 100644 > --- httpd.conf.5 > +++ httpd.conf.5 > @@ -262,6 +262,18 @@ root directory of > .Xr httpd 8 > and defaults to > .Pa /run/slowcgi.sock . > +.It Ic hsts Oo Ar option Oc > +Enable HTTP Strict Transport Security.
Why this, but not also e.g. Public-Key-Pins or Content-Security? I think this quickly turns into a call for a generic add-header mechanism.