“Strict-Transport-Security” HTTP header is not configured to at least “15552000” seconds

So how do you actually enable this?
I suppose it should be done in .htaccess, right?
But the documentation doesn’t tell much on how you ACTUALY do it:

Anyone here that kindly would enlighten me on how you do apply it correctly, please?

Thanks in advance! :+1:

I’ve added it in the file /etc/apache2/sites-enabled/000-default.conf.

<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000"

That should be the preferred way whenever possible, as it avoids issues on ownCloud updates and with the integrity check.


Thank you for the help!
Kind regards

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.