Dafür gibt m.E. UCR-Variablen.
root@ucs-8762:~# ucr search hsts
apache2/hsts/includeSubDomains: <empty>
Applies HSTS policy also to subdomains if set to 'yes'.
apache2/hsts/max-age: <empty>
Time in seconds of how long web browsers will cache and enforce the HSTS policy on the host. Defaults to '10886400' - which are 18 weeks.
apache2/hsts: <empty>
Enable HTTP Strict Transport Security (HSTS) by setting this variable to 'yes'. 'apache2/force_https' should be enabled additionally to take full advantage of HSTS.