Merge pull request #62 from alphagov/add-hsts-to-unknown-url

Add HTTP Strict-Transport-Security header to unknown URLs
alphagov · Feb 22, 2024 · 88e5231 · 88e5231
2 parents 65e097d + d843f88
commit 88e5231
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/modules/www/www.vcl.tftpl b/modules/www/www.vcl.tftpl
@@ -452,6 +452,8 @@ sub vcl_miss {
 }
 
 sub vcl_deliver {
+  set resp.http.Strict-Transport-Security = "max-age=31536000; preload";
+
   # GOV.UK accounts
   if (resp.http.GOVUK-Account-End-Session) {
     add resp.http.Set-Cookie = "__Host-govuk_account_session=; secure; httponly; samesite=lax; path=/; max-age=0";