My web application runs on a different number of hosts that I control. To prevent the need to change the Apache config of each vhost, I add most of the config using .htaccess files in my repo so the basic setup of each host is just a couple of lines. This also makes it possible to change the config upon deploying a new version. Currently the .htaccess (un)sets headers, does some rewrite magic and controls the caching of the UA.
I want to enable HSTS in the application using .htaccess. Just setting the header is easy:
Header always set Strict-Transport-Security "max-age=31536000"
Apparently there is a HTTPS environment variable available that can be used easily. For people with the same question:
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS