add hsts headers to all ssl vhosts.

[cz8s]

HSTS header for all users
Copied from bettercrypto.org.

[micah]

This is already being set in:

puppet/modules/site_apache/templates/vhosts.d/api.conf.erb: Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
puppet/modules/site_apache/templates/vhosts.d/common.conf.erb: Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
puppet/modules/site_static/templates/apache.conf.erb: Header always set Strict-Transport-Security: "max-age=15768000;includeSubdomains"

I agree that it should be put into the commonly included file, but if we do that, we should remove the existing ones and be sure that common one is included.

Also of interest is why some of these have a different max-age?

[cz8s]

Having it in common would be nice. Then pixelated could use it. I will update this PR accordingly and find out why we have different TTLs

[micah]

@cz8s - just wanted to check on the status of this, are you still planning on updating the PR and checking on the different TTLs?

[cz8s]

Its on my to do list. But I won't work on this the next weeks.

[varac]

@cz8s ping, do you still intend to look into this ?
I changed the pr to merge into master, which is our main branch now.