Increase HSTS max-age to 1 year and use preload

cdcadman · Nov 11, 2024 · 7eda8a6 · 7eda8a6
1 parent 1daa77a
commit 7eda8a6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/webapp_python/main.py b/webapp_python/main.py
@@ -8,7 +8,7 @@
 RESPONSE_HEADERS = {
     "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests",
     "Referrer-Policy": "strict-origin-when-cross-origin",
-    "Strict-Transport-Security": "max-age=300; includeSubDomains",
+    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
     "X-Content-Type-Options": "nosniff",
 }