Add 'always' parameter ensures that the header is set for all responses

Author: RahulMahale

config/nginx.conf

@@ -32,7 +32,7 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/api.rubyonrails.org/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;"; # config to enable HSTS
+    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;" always; # config to enable HSTS
 
 }
 
@@ -70,7 +70,7 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/api.rubyonrails.org/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-
+    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;" always; # config to enable HSTS
 }
 
 #
@@ -90,7 +90,7 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/api.rubyonrails.org/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;"; # config to enable HSTS
+    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;" always; # config to enable HSTS
 
 }
 
@@ -112,7 +112,7 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/api.rubyonrails.org/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;"; # config to enable HSTS
+    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;" always; # config to enable HSTS
 
 }