The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds

I know this question has been answered a lot, but none of it has worked for me! I have enabled the module header, I have added "
Header always set Strict-Transport-Security “max-age=15552000; includeSubDomains”
" to my website .conf. I have tried adding it to my 80 Virtual host, my 443 Virtual Host and tried adding it to both and the error still shows up. Does anyone know how to fix this?


No webserver type, no webserver version.
No config details.

Not easy to help you :wink:

Please provide more details about your setup and someone may help you.

Running Apache/2.4.29 on Ubuntu.

Apache Conf: Apache Conf -

Hey, that’s better!

Would recommed to reduce your port 80 config and do a redirect like

<VirtualHost *:80>
    Redirect /

My 443 config looks like:

<VirtualHost *:443>

    Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"

So just this one line without the set command.

Running Apache/2.4.41 on Ubuntu.

Sorry for the late reply!
I tried what you said with my port 80 config, it just made the site say “the site has redirected you too many times.”

I also tried what you said for port 443 config, I tried it with & without the section none worked.