HSTS Settings On Apache and Difference in Headers


Below is the directive that has to be put inside the HTTPS virtual host block, <VirtualHost *:443>, where the ‘*’ can be left as it is or replaced with a specific address if you know what you are doing. Do not put it in the HTTP virtual host block, i.e. <VirtualHost *:80> (the port and the ‘*’ (IP) can be different if you have configured your server to listen on another port or address).

Header always set Strict-Transport-Security "max-age=5184000; includeSubDomains"

In the above configuration max-age is 5184000 seconds, i.e. 60 days: a browser that has received the header will keep forcing HTTPS for this host (and, because of includeSubDomains, for its subdomains) for 60 days after the last time it saw the header. The Header directive needs mod_headers enabled, and the "always" condition makes Apache send the header on every response, including 3xx and 4xx responses, not only on successful 200 responses.

Below are the differences in the response headers (screenshots in the original post):

[Screenshot] 301 response when HSTS is not enabled

[Screenshot] 200 response

[Screenshot] 404 response
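To check what the screenshots above compare, here is an added example (not from the original post) that parses a Strict-Transport-Security value the way RFC 6797 allows (case-insensitive directive names, a tolerated trailing semicolon) and reports which of three constructed sample responses carry a valid policy; the responses are made up for this example, not captured from a real server.

```python
# Constructed sample responses: the HTTP 301 has no HSTS header (browsers ignore
# HSTS over plain HTTP anyway), while "Header always set" puts it on 200 and 404.
SAMPLE_RESPONSES = {
    "301 (HTTP, HSTS not enabled)": "HTTP/1.1 301 Moved Permanently\r\n"
                                    "Location: https://example.com/\r\n",
    "200 (HTTPS)": "HTTP/1.1 200 OK\r\n"
                   "Strict-Transport-Security: max-age=5184000; includeSubdomains;\r\n",
    "404 (HTTPS)": "HTTP/1.1 404 Not Found\r\n"
                   "Strict-Transport-Security: max-age=5184000; includeSubdomains;\r\n",
}


def parse_hsts(value):
    """Parse an HSTS header value. Returns {'max_age': int, 'include_subdomains': bool}
    or None when the value is invalid (max-age missing or not a number)."""
    policy = {"max_age": None, "include_subdomains": False}
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:          # empty directive from a trailing ';' is allowed
            continue
        name, _, val = directive.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip().strip('"')  # max-age may be a quoted string
        if name == "max-age":
            if not val.isdigit():
                return None
            policy["max_age"] = int(val)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        # unknown directives are ignored, as the RFC requires
    if policy["max_age"] is None:  # max-age is mandatory
        return None
    return policy


def hsts_from_response(raw):
    """Find the HSTS header in a raw response (status line first) and parse it."""
    for line in raw.splitlines()[1:]:
        name, sep, val = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            return parse_hsts(val)
    return None


def max_age_days(policy):
    """Convert a parsed policy's max-age to whole days (5184000 s -> 60)."""
    return policy["max_age"] // 86400


def audit(responses):
    """Map each response label to its parsed HSTS policy, or None if absent/invalid."""
    return {label: hsts_from_response(raw) for label, raw in responses.items()}
```

Running audit(SAMPLE_RESPONSES) shows the 301 with no policy and the 200 and 404 with the same 60-day, includeSubDomains policy, which is exactly the difference the screenshots illustrate.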

HSTS only works in browsers that support it.