Hi, recently I ask a question regarding a header problem about HSTS which is not enabled by Nginx, now I knew that the problem with HSTS is when SSL is enabled, HSTS is disabled or missing from the header, which is supposed not to happen because HSTS should be enabled on SSL. Can someone tell me, whether this is a bug or it was intended to be like that?. So what is the use of HSTS header if itby shaifful - Other discussion
Hi, I have tried adding add_header to my Nginx conf to add Http Strict Transport Security directives. But there is no changes or nothing happened at all in the scanning results using SSLLabs test https://www.ssllabs.com/ssltest/analyze.html?d=support.apasaja.my&ignoreMismatch=on. Please have a look at Protocol Details and Strict Transport Security. I have tried adding add_header Strict-Traby shaifful - How to...
I'm using Nginx 1.5.1 which is compiled via centminmod, my problem is, whenever I tried to add_header like add_header Strict-Transport-Security "max-age=360000; includeSubdomains"; this header does not appear to work at all. I have tried it on 1.4.1 as well, and the results is same, the header does not appear to be functional. This is my configuration files.. http://pastebin.comby shaifful - Other discussion
![]() |
![]() |
![]() |
![]() |
|