Hello together,
well i’ve got a problem.
Im using nginx as webserver and i get the warning message, that my HTTP-Header “Strict-Transport-Security” is not set to at least 15552000 seconds. But my nginx config look like this:
add_header Strict-Transport-Security “max-age=15768000; includeSubDomains; preload;” always;
so i think its correct but it dont work.
Do you got an idea?
Thanks in advance
Sascha Zänker
Hi @Zaenky
I’m not a nginx expert. But maybe this coud cause the issue…
### nheritance Rules for add_header Directives
NGINX configuration blocks inherit add_header directives from their enclosing blocks, so you just need to place the add_header directive in the top‑level server block. There’s one important exception: if a block includes an add_header directive itself, it does not inherit headers from enclosing blocks, and you need to redeclare all add_header directives:
If this doesn’t solve your problem, please post your complete nginx config, maybe someone of the nginx users here will be able to help you…
Hey there,
well it was a Problem in Cloudflare. I configured the HSTS Header there and then after a few minutes it works.