haproxy: add strict transport security or any other http header
Published: 11-12-2013 | Author: Remy van Elst | Text only version of this article
Table of Contents
This snippet shows you how to add a header to a haproxy response, for example, the HSTS header (http strict transport security).
This snippet was tested on haproxy 1.5.
This for example can be used when haproxy is used for ssl offloading and you want to offer hsts, while the backends not support it.
The following config is required in a
frontend example-frontend reqadd X-Forwarded-Proto:\ https rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains default_backend example-backend
The important part is:
rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
This adds the header to every response haproxy sends to a client.apache , haproxy , hsts , loadbalancer , network , snippets , ssl