“Strict-Transport-Security” HTTP header is not configured to at least “15552000” seconds

PowerQuest · October 10, 2022, 5:46pm

So how do you actually enable this?
I suppose it should be done in .htaccess, right?
But the documentation doesn’t tell much on how you ACTUALY do it:

Anyone here that kindly would enlighten me on how you do apply it correctly, please?

Thanks in advance!

alfredb · October 10, 2022, 6:47pm

I’ve added it in the file /etc/apache2/sites-enabled/000-default.conf.

<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000"
</IfModule>

rkaussow · October 10, 2022, 7:42pm

That should be the preferred way whenever possible, as it avoids issues on ownCloud updates and with the integrity check.

PowerQuest · October 10, 2022, 10:27pm

Thank you for the help!
Kind regards

system · January 8, 2023, 10:28pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.