HSTS or just STS can be enabled with Apache fairly easily. I’ll show you how!
Enabling HSTS (HTTP Strict Transport Security) enforces a policy that all content from your server to the end user’s web browser is delivered over HTTPS. This can protect against interception, HTTPS stripping, and other man-in-the-middle attacks.
First, enable mod_headers:
$ sudo a2enmod headers
Next, add the following line to your desired Apache VirtualHost config file:
<VirtualHost *:443>
    Header always set Strict-Transport-Security "max-age=31536000"
    ...
The max-age of 31536000 seconds (or 12 months) can be adjusted as desired.
And finally, restart Apache:
$ sudo /etc/init.d/apache2 restart
You can use a test such as Qualys SSL Server Test to verify Strict Transport Security is enabled.
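To check the header yourself rather than relying only on an external scanner, here is a small Python check (an added example, not from the original post). It parses the Strict-Transport-Security value following RFC 6797 and flags a missing, malformed, or too-short policy; the function names, the min_age threshold, and the sample responses are constructed for illustration.

```python
# Added example: validate a Strict-Transport-Security header (RFC 6797, section 6.1).
import re

def parse_hsts(value):
    """Return {'max_age', 'include_subdomains', 'preload'} for a header value.
    Raises ValueError when a browser would ignore the header."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives (e.g. a trailing ';') are permitted
        name, sep, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            raise ValueError("duplicate directive: " + name)
        seen[name] = arg.strip().strip('"') if sep else None
    if "max-age" not in seen:
        raise ValueError("max-age is required")
    if not re.fullmatch(r"[0-9]+", seen["max-age"] or ""):
        raise ValueError("max-age must be a non-negative integer")
    return {
        "max_age": int(seen["max-age"]),
        "include_subdomains": "includesubdomains" in seen,
        "preload": "preload" in seen,
    }

def check_response(headers, min_age=31536000):
    """headers: list of (name, value) tuples from an HTTPS response.
    min_age is a hypothetical threshold matching the config above."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return False, "header missing"
    try:
        policy = parse_hsts(values[0])  # browsers process only the first one
    except ValueError as exc:
        return False, "header ignored: %s" % exc
    if policy["max_age"] == 0:
        return False, "max-age=0 tells the browser to forget the policy"
    if policy["max_age"] < min_age:
        return False, "max-age %d is below %d" % (policy["max_age"], min_age)
    return True, "ok, max-age=%d" % policy["max_age"]

# Constructed sample responses (not captured from a real server).
GOOD = [("Server", "Apache"), ("Strict-Transport-Security", "max-age=31536000")]
MISSING = [("Server", "Apache")]
BROKEN = [("strict-transport-security", "max-age=31536000; max-age=0")]
```

Feed check_response the header list from any HTTP client pointed at your HTTPS virtual host; browsers ignore this header when it arrives over plain HTTP.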