How to enable HSTS on api portal

Document ID : KB000010930
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

How to enable HTTP Strict Transport Security (HSTS)

Instructions:

1. vi /etc/httpd/conf.d/ssl.conf

2. Add the below line
Header always set Strict-Transport-Security "max-age=86400; includeSubDomains;preload"

3. service apiportal restart
4. service httpd restart

Below is the sample of the lines showing where to add it in ssl.conf:
##
## SSL Virtual Host Context
##
Header always set Strict-Transport-Security "max-age=86400; includeSubDomains;preload"
<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"