MDRequireHttps permanent
</ManagedDomain></pre>
</div>
+ <p>When you configure MDRequireHttps permanent, an additional security
+ feature is automatically applied: HSTS. This adds the header
+ Strict-Transport-Security to responses sent out via https:.
+ Basically, this instructs the browser to only perform secure
+ communications with that domain. This instruction holds for the
+ amount of time specified in the header as 'max-age'.
+ This is about half a year as generated by mod_md.
+ </p><p>
+ It is therefore advisable to first test the MDRequireHttps temporary
+ configuration and switch to permanent only once that works satisfactory.
+ </p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
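Review bot: the first added paragraph gives the HSTS lifetime only as "about half a year"; state the exact max-age value mod_md sends, and say explicitly that a browser which has received the header keeps enforcing https for that period even after the server is switched back from permanent, since that is the reason the second paragraph recommends testing with temporary first. In the second paragraph, "once that works satisfactory" should read "once that works satisfactorily". The directive values (MDRequireHttps permanent, MDRequireHttps temporary) and the header name Strict-Transport-Security appear as plain text in the new paragraphs; marking them up as code would set them apart from the prose and match the example block above.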