nginx being serious

services/http/nginx.conf

@@ -26,6 +26,12 @@ http {
     keepalive_timeout  65;
 
     #gzip  on;
+    
+    # Set HSTS if forwarded proto is https
+    map $http_x_forwarded_proto $hsts_header {
+      default "";
+      https "max-age=31536000; includeSubDomains;";
+    }
 
     server {
         listen       80 default_server;
@@ -60,9 +66,7 @@ http {
 
         sendfile off;
         
-        if ($http_x_forwarded_proto = "https") {
-            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
-        }
+        add_header Strict-Transport-Security $hsts_header;
         add_header X-Content-Type-Options nosniff;
         add_header X-XSS-Protection "1; mode=block";
         add_header X-Robots-Tag none;