From a7bc4e738753ffebead84d326f3012d126f54c1e Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sat, 12 Dec 2020 21:17:44 +0200
Subject: [PATCH] Add Expect-CT header.

---
 conf.d/mail.shore.co.il.conf | 1 +
 snippets/ssl.conf            | 1 +
 2 files changed, 2 insertions(+)

diff --git a/conf.d/mail.shore.co.il.conf b/conf.d/mail.shore.co.il.conf
index 3bd2e13..40bc173 100644
--- a/conf.d/mail.shore.co.il.conf
+++ b/conf.d/mail.shore.co.il.conf
@@ -19,6 +19,7 @@ server {
 
     # Copied from snippetes/ssl.conf.
     add_header                  Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+    add_header                  Expect-CT "max-age=86400, enforce, report-uri=\"https://www.shore.co.il/about\"";
     include                     snippets/common-headers.conf;
     ssl_certificate             /var/ssl/mail.crt;
     ssl_certificate_key         /var/ssl/mail.key;
diff --git a/snippets/ssl.conf b/snippets/ssl.conf
index a209d98..8a0dd0a 100644
--- a/snippets/ssl.conf
+++ b/snippets/ssl.conf
@@ -1,4 +1,5 @@
 add_header                  Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+add_header                  Expect-CT "max-age=86400, enforce, report-uri=\"https://www.shore.co.il/about\"";
 include                     snippets/common-headers.conf;
 ssl_certificate             /var/ssl/site.crt;
 ssl_certificate_key         /var/ssl/site.key;
-- 
GitLab