
HSTS marked as No in SSL test?

Question asked by Floren Munteanu on Jul 25, 2019
Latest reply on Jul 25, 2019 by Floren Munteanu

Hi,

I tested my domain with the SSL Labs test and you are marking the Strict Transport Security (HSTS) setting as No:

https://www.ssllabs.com/ssltest/analyze.html?d=floren.ca&hideResults=on

However, the header is properly set:

$ curl -I https://www.floren.ca
HTTP/2 200
server: nginx
date: Thu, 25 Jul 2019 18:46:51 GMT
content-type: text/html
content-length: 2337
last-modified: Tue, 02 Jul 2019 14:21:25 GMT
vary: Accept-Encoding
etag: "5d1b6865-921"
content-security-policy: default-src 'self'; font-src 'self' fonts.gstatic.com; script-src 'self' use.fontawesome.com; style-src 'self' fonts.googleapis.com use.fontawesome.com
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
accept-ranges: bytes
