HSTS section for GitLab Pages

ec28d48a · Caleb Cooper · Russell Dickenson · 684ef443 · ec28d48a
Commit ec28d48a authored Jan 11, 2022 by Caleb Cooper Committed by Russell Dickenson Jan 11, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

doc/administration/pages/index.md doc/administration/pages/index.md +8 -0

No files found.
--- a/doc/administration/pages/index.md
+++ b/doc/administration/pages/index.md
@@ -545,6 +545,14 @@ After an archive reaches `zip_cache_expiration`, it's marked as expired and remo

 ![ZIP cache configuration](img/zip_cache_configuration.png)

+### HTTP Strict Transport Security (HSTS) support
+
+HTTP Strict Transport Security (HSTS) can be enabled through the `gitlab_pages['headers']` configuration option. HSTS informs browsers that the website they are visiting should always provide its content over HTTPS to ensure that attackers cannot force subsequent connections to happen unencrypted. It can also improve loading speed of pages as it prevents browsers from attempting to connect over an unencrypted HTTP channel before being redirected to HTTPS.
+
+```ruby
+gitlab_pages['headers'] = ['Strict-Transport-Security: max-age=63072000']
+```
+
 ## Activate verbose logging for daemon

 Follow the steps below to configure verbose logging of GitLab Pages daemon.