Documentation: Update suggested default for HSTS and link to MDN for documentation - refs BT#20965

ywarnier · ywarnier · commit 704dd78012c6 · 2023-08-30T10:12:13.000+02:00
diff --git a/main/install/configuration.dist.php b/main/install/configuration.dist.php
@@ -577,8 +577,9 @@
 // HTTP Strict Transport Security is an excellent feature to support on your
 // site and strengthens your implementation of TLS by getting the User Agent
 // to enforce the use of HTTPS. Recommended value
-// "strict-transport-security: max-age=31536000; includeSubDomains".
-//$_configuration['security_strict_transport'] = 'strict-transport-security: max-age=31536000; includeSubDomains';
+// "strict-transport-security: max-age=63072000; includeSubDomains; preload".
+// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+//$_configuration['security_strict_transport'] = 'strict-transport-security: max-age=63072000; includeSubDomains; preload';
 //
 // Content Security Policy is an effective measure to protect your site from
 // XSS attacks. By whitelisting sources of approved content, you can prevent
