Hi, there!
I have config the HSTS according to the documents, but I still have the Warning message below:
- The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS as described in the [security tips]
Here is my conf file:
Alias /nextcloud "/var/www/html/nextcloud/"
<VirtualHost *:80>
ServerName ****
DocumentRoot /var/www/html/nextcloud/
<Directory /var/www/html/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =***
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName ***
DocumentRoot /var/www/html/nextcloud/
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
</IfModule>
</VirtualHost>
BTW, I have enable header module of apache.
Could you please help me figure this out? Thanks~