I have received the security warning that I should set the
Enable HTTP Strict Transport Security setting inside Apache VirtualHost in file 443.
This is what the warning looks like:
• The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For more security, enabling HSTS is recommended as explained in the Security Notes.
•
This is how the solution should look like:
This can be achieved by setting the following settings within the Apache VirtualHost file:
What do you mean with "manual installation? Did you install everything manually incl. webserver, PHP etc… on one of their Linux cloud servers or do you use one of their webhosting plans?
HSTS has to be configured in the webserver config. For example in apache it can be achieved by adding the following line to the virtual host config:
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>