Security & setup warnings suggestions

Our Nextcloud server is behind an nginx reverse proxy which handles HTTPS with Let's Encrypt. Security scan is all green and dozy:

Yet the Security & setup warnings suggest:

Some headers are not set correctly on your instance - The Strict-Transport-Security HTTP header is not set (should be at least 15552000 seconds). For enhanced security, it is recommended to enable HSTS. For more details see the documentation.

Can I safely ignore the warning?

You should enable HSTS.

Also, run these tests too:

I’ve activated HSTS on the reverse proxy. I did do a pen test with pentest-tools.com and scored A+.

That’s great. And thanks for posting that; it was a reminder to me to check my own Apache version. I was outdated and fixed that.

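Added example, not part of the thread and not Nextcloud's own code: a small checker that evaluates the Strict-Transport-Security value a proxy returns against the 15552000-second minimum quoted in the warning. The names `parse_hsts`, `check_hsts` and `MIN_MAX_AGE` are hypothetical, and the sample header values are constructed.

```python
# Added example: evaluates Strict-Transport-Security header values against
# the 15552000-second minimum quoted in the warning above.
MIN_MAX_AGE = 15552000  # threshold taken from the warning text


def parse_hsts(value):
    """Parse an HSTS header value into {directive_name: value_or_None}.

    Follows RFC 6797 section 6.1: directives are separated by ';', names are
    case-insensitive, and a directive may appear only once.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives (e.g. a trailing ';') are allowed
        name, sep, val = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            raise ValueError("duplicate directive: " + name)
        # max-age may be sent as a quoted string, so drop surrounding quotes
        directives[name] = val.strip().strip('"') if sep else None
    return directives


def check_hsts(header_values):
    """Return (ok, reason) for the list of STS header values in a response."""
    if not header_values:
        return False, "header not set"
    try:
        # A browser processes only the first STS header field (RFC 6797 8.1),
        # which matters when both the proxy and the backend set one.
        directives = parse_hsts(header_values[0])
    except ValueError as exc:
        return False, str(exc)
    max_age = directives.get("max-age")
    if max_age is None or not (max_age.isascii() and max_age.isdigit()):
        return False, "max-age missing or not a number"
    if int(max_age) < MIN_MAX_AGE:
        return False, "max-age %s is below %d" % (max_age, MIN_MAX_AGE)
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    samples = [[], ["max-age=3600"], ["max-age=15552000; includeSubDomains"]]
    for sample in samples:
        print(sample, "->", check_hsts(sample))
```
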