AnsweredAssumed Answered


Question asked by Raj R on Feb 19, 2015
Latest reply on Mar 1, 2015 by Raj R

Hello, I have trouble getting an A+. HSTS shows up as "No" when I test my website, but I have HSTS configured in my config file. I have nginx 1.6.2. Following is the conf file. Any help would be highly appreciated. Thanks!


server {
listen 443;
ssl on;
ssl_certificate <<path to cerificate>>;
ssl_certificate_key <<path to key>>

add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload';

ssl_prefer_server_ciphers on;
ssl_ciphers "AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
keepalive_timeout 70;

resolver valid=300s;
resolver_timeout 5s;