From 9a217ec841bee588b59f45e5177dccc72a05975c Mon Sep 17 00:00:00 2001
From: David Anderson <danderson@tailscale.com>
Date: Mon, 22 Nov 2021 11:45:37 -0800
Subject: [PATCH] cmd/derper: increase HSTS cache lifetime to 2 years.

Fixes #3373.

Signed-off-by: David Anderson <danderson@tailscale.com>
---
 cmd/derper/derper.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/derper/derper.go b/cmd/derper/derper.go
index 74ee0c102..8298c9ed7 100644
--- a/cmd/derper/derper.go
+++ b/cmd/derper/derper.go
@@ -240,7 +240,7 @@ func main() {
 			// HSTS. Set it even though derper doesn't really serve
 			// anything of interest to browsers (and API clients like
 			// tailscale don't obey HSTS).
-			w.Header().Set("Strict-Transport-Security", "max-age=600; includeSubDomains")
+			w.Header().Set("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
 			mux.ServeHTTP(w, r)
 		})
 		go func() {