diff --git a/docs/rolereference.rst b/docs/rolereference.rst index 2048589d2dfae556de58c8737bcd3c01a930eb99..50f97dfcc9ef5ece39314803fa21f9575a3b69a4 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -1374,6 +1374,17 @@ The role implements the following: Python apps. * Installs and configures PHP FPM as a common base for PHP apps. +The web server is configured as follows: + +* No plaintext HTTP is allowed, HTTPS is mandatory. Clients connecting + via plaintext HTTP are redirected to HTTPS. +* Clients are served with ``Strict-Transport-Security`` header with + value of ``max-age=31536000; includeSubDomains``. This forces + compliant clients to always connect using HTTPS to the web server + when accessing its default domain, as well as any subdomains served + by this web server or any other. The (client-side) cached header + value expires after one year. + Role dependencies ~~~~~~~~~~~~~~~~~ @@ -1386,12 +1397,6 @@ Depends on the following roles: Parameters ~~~~~~~~~~ -**default_enforce_https** (boolean, optional, ``True``) - Specify if HTTPS should be enforced for the default virtual host or not. If - enforced, clients connecting via plaintext will be redirected to HTTPS, and - clients will be served with ``Strict-Transport-Security`` header with value of - ``max-age=31536000; includeSubDomains``. - **default_https_tls_certificate** (string, mandatory) X.509 certificate used for TLS for HTTPS service. The file will be stored in directory ``/etc/ssl/certs/`` under name ``{{ ansible_fqdn }}_https.pem``.
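Review bot: In the first hunk, the new Strict-Transport-Security bullet words the includeSubDomains scope as "any subdomains served by this web server or any other", which understates what an operator needs to know before deploying. A compliant client that has received the header will refuse plaintext HTTP, and will treat certificate errors as fatal, for every subdomain of the default domain, including hosts this role does not manage. Because the same patch removes the documented opt-out, I would state the prerequisite outright: every subdomain must already be reachable over HTTPS with a valid certificate. The last sentence, "expires after one year", would also be more precise as one year after the client last received the header, since each HTTPS response refreshes the cached value.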
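Review bot: In the second hunk, the default_enforce_https entry is deleted from the Parameters section with no migration note, so a reader whose playbook sets this parameter to False cannot tell from the documentation what now happens to that setting. I would add an upgrade or release-notes entry saying the parameter is removed and that the HTTPS redirect and the Strict-Transport-Security header are now unconditional for the default virtual host. The entry should also say whether a leftover value in an existing playbook is silently ignored or rejected, which the visible lines do not show.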