Enforces "Strict Transport Security" (STS) on sites that 'require' SSL by adding an STS in the http responses:
Strict-Transport-Security: max-age=31536000
This means that for the next 6 months, when the browser will attempt to visit the site, it will always default to https, avoiding http downgrade attacks.
The apache "headers" module must be enabled:
a2enmod headers
For more information:
This module only works when using Aegir with Apache.
Since nginx 'locations' work a bit differently, we decided to override the nginx server template in provision_symbiotic.
Coop Symbiotic is a worker-owned co-operative based in Canada. We have a strong experience working with non-profits and CiviCRM. We provide affordable, fast, turn-key hosting with regular upgrades and proactive monitoring, as well as custom development and training.
More at: https://www.symbiotic.coop/en