From fe77901e50a911079f50bbb50d1b1f4aefa05990 Mon Sep 17 00:00:00 2001 From: Carla Schroder Date: Mon, 5 Oct 2015 16:53:49 -0700 Subject: [PATCH] correct HTTP Strict Transport Security section --- .../configuration_server/harden_server.rst | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/admin_manual/configuration_server/harden_server.rst b/admin_manual/configuration_server/harden_server.rst index 98f6af78f..6dd5b3760 100644 --- a/admin_manual/configuration_server/harden_server.rst +++ b/admin_manual/configuration_server/harden_server.rst @@ -115,14 +115,16 @@ connection to the ownCloud instance using HTTP, and it attempts to prevent site visitors from bypassing invalid certificate warnings. This can be achieved by setting the following settings within the Apache -VirtualHost file: +VirtualHost file:: -.. code-block:: none - - - ServerName cloud.owncloud.com - Header always add Strict-Transport-Security "max-age=15768000" + + ServerName cloud.owncloud.com + + Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" + + +This example configuration will make all subdomains only accessible via HTTPS. If you have subdomains not accessible via HTTPS, remove ``includeSubdomains;``. This requires the ``mod_headers`` extension in Apache.
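Review bot: the new ``Header always set Strict-Transport-Security`` line adds ``preload``, but the paragraph added after the example only explains ``includeSubDomains``, so a reader who follows the advice and removes ``includeSubdomains;`` is left with a ``preload`` directive the text never describes. Suggest adding a sentence that says what ``preload`` signals (consent to be included in browsers' built-in HSTS lists, which is slow to undo) and that it should be removed together with ``includeSubDomains``, since preload-list submission expects both. The added paragraph also spells the directive ``includeSubdomains`` while the header value uses ``includeSubDomains``; match the header's spelling so the text can be searched for and copied reliably.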