From 68d39609319f41e7aba5ec366f70cceb3fe301f9 Mon Sep 17 00:00:00 2001
From: Nolan Lawson <nolan@nolanlawson.com>
Date: Sat, 16 Feb 2019 12:33:12 -0800
Subject: [PATCH] chore: import hsts headers in zeit (#1003)

---
 now.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/now.json b/now.json
index 149d09b..f8d4554 100644
--- a/now.json
+++ b/now.json
@@ -44,7 +44,7 @@
         "cache-control": "public,max-age=3600",
         "content-security-policy": "script-src 'self' 'sha256-EkTiuvkFbkHUWPvTnH6v0H2/i/09DGGwDOyFPJKCYnw=' 'sha256-Rv0XCoOhq4H0QyKE7rEhr+e9GI5gsmGcC04fY0HPORc=' 'sha256-28NJWgGMi7z1BsySG4SYZCjth/ys7dkElS3oIl5ZEqM=' 'sha256-nUHIts9QUqQq4nfffteH1WG3ZeWESwmxZn6bWMNWsiM=' 'sha256-MGLg9fH15qQqEcT+iTfwx/cfVp2MgjSrVt08u3NVKa8=' 'sha256-OQjxgqHHnjfZwkCEsAo2MRjd3GuPmg+RvmjrZd35TN4=' 'sha256-sS3nggZVNGyoYqI7U/PSwnwI4CymIdHNgJwW49qztWo=' 'sha256-aASq1hOJ8PP2cfK9QGXaCLdqgtkDXDb5VFXlSyrpX/M=' 'sha256-1ujkGrbsh0Yx/bquh2I9gkG1ZaZetCkjre6vciK2u7U='; worker-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; object-src 'none'; manifest-src 'self'",
         "referrer-policy": "no-referrer",
-        "strict-transport-security": "max-age=15552000",
+        "strict-transport-security": "max-age=15552000; includeSubDomains",
         "x-content-type-options": "nosniff",
         "x-download-options": "noopen",
         "x-frame-options": "SAMEORIGIN",
@@ -58,7 +58,7 @@
         "cache-control": "public,max-age=3600",
         "content-security-policy": "script-src 'self' 'sha256-EkTiuvkFbkHUWPvTnH6v0H2/i/09DGGwDOyFPJKCYnw=' 'sha256-Rv0XCoOhq4H0QyKE7rEhr+e9GI5gsmGcC04fY0HPORc=' 'sha256-28NJWgGMi7z1BsySG4SYZCjth/ys7dkElS3oIl5ZEqM=' 'sha256-nUHIts9QUqQq4nfffteH1WG3ZeWESwmxZn6bWMNWsiM=' 'sha256-MGLg9fH15qQqEcT+iTfwx/cfVp2MgjSrVt08u3NVKa8=' 'sha256-OQjxgqHHnjfZwkCEsAo2MRjd3GuPmg+RvmjrZd35TN4=' 'sha256-sS3nggZVNGyoYqI7U/PSwnwI4CymIdHNgJwW49qztWo=' 'sha256-aASq1hOJ8PP2cfK9QGXaCLdqgtkDXDb5VFXlSyrpX/M=' 'sha256-1ujkGrbsh0Yx/bquh2I9gkG1ZaZetCkjre6vciK2u7U='; worker-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; object-src 'none'; manifest-src 'self'",
         "referrer-policy": "no-referrer",
-        "strict-transport-security": "max-age=15552000",
+        "strict-transport-security": "max-age=15552000; includeSubDomains",
         "x-content-type-options": "nosniff",
         "x-download-options": "noopen",
         "x-frame-options": "SAMEORIGIN",