HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking.
Here is how to enable it on Apache2:
1. Enable mod_headers
2. Add the header to the HTTPS VirtualHost. max-age is measured in seconds. Put this line into your VirtualHost *:443 section:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
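
To check that the value a server returns is one a browser will accept, the header can be parsed with the rules of RFC 6797. The following is an added example, not part of the original page; the function names `parse_hsts` and `meets_policy` are hypothetical, and the sample values are constructed.

```python
import re

# Constructed sample values; the first is the one set by the directive above.
SAMPLES = [
    'max-age=31536000; includeSubDomains',
    'MAX-AGE="31536000"; includesubdomains',  # names are case-insensitive, value may be quoted
    'includeSubDomains',                       # invalid: max-age is required
    'max-age=31536000; max-age=0',             # invalid: directive repeated
    'max-age=one-year',                        # invalid: not a number of seconds
]

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns {"max_age": int, "include_subdomains": bool}, or None when the
    value is malformed. Simplification: splits on ';' without handling a
    ';' inside a quoted string of some unknown directive.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives, e.g. a trailing ';', are allowed
        name, sep, arg = part.partition("=")
        name = name.strip().lower()
        if name in seen:
            return None  # a directive must not appear more than once
        seen[name] = arg.strip() if sep else None
    raw = seen.get("max-age")
    if raw is None:
        return None  # max-age missing or given without a value
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        raw = raw[1:-1]  # the value may be a quoted-string
    if not re.fullmatch(r"[0-9]+", raw):
        return None
    return {"max_age": int(raw),
            "include_subdomains": "includesubdomains" in seen}

def meets_policy(value, min_age=31536000):
    """True if the header is valid, covers subdomains and lasts >= min_age seconds."""
    policy = parse_hsts(value)
    return bool(policy and policy["include_subdomains"]
                and policy["max_age"] >= min_age)

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:45} -> {parse_hsts(sample)}  ok={meets_policy(sample)}")
```

Browsers only honor this header when it arrives over HTTPS, so feed the function the value taken from the response of the *:443 VirtualHost.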