Warning - HTTP header is not configured to at least "15552000" seconds

Security & setup warnings

It’s important for the security and performance …
The “Strict-Transport-Security” HTTP header is not configured to at least “15552000” seconds. For enhanced security we recommend enabling HSTS as described in our security tips.

where do i set this up?


Please use the find fonction because this question have been answered a lot of times.

Please also read nextcloud documentation. When you have this problem reported you have a link to follow to have an answer.

So i will tell you one more time :
First enable the HEADERS module on your apache :

a2enmod headers

Then go and read this :

Restart your apache service and voila.

After don’t forget to put this topic SOLVED

You’re welcome


ok - thank You for Your quick answer !

I need to tell this our provider…

My problem with these instrutions is that it does not say which file to modify. A lot of us don’t know what the “Apache VirtualHost file” is

I’m still not sure because I still get the warning in the Admin page.

Is it /etc/apache2/sites-enabled/default-ssl.conf ?

a2enmod is a command,
a2 like apache 2
en like enable
Mod like module

You should learn a little bit how Apache2 works and where are key files and how they work. Knowing that will be a great help for using nextcloud.

Because Apache2 is a web server, you can have multiple websites running on a single server. Every website rely on a .conf file saying : what is my name, what is my alias, where is my root folder etc…

In brief, for nextcloud if you want to master all of this you need knowledge on web server (apache2 or ngnix), database (mysql mariadb or postgresql) and Php