HSTS marked as No in SSL test?

Question asked by Floren Munteanu on Jul 25, 2019
Latest reply on Jul 25, 2019 by Floren Munteanu



I tested my domain with the SSL Labs test and you are marking the Strict Transport Security (HSTS) setting as No:


However, the header is properly set:

$ curl -I
HTTP/2 200
server: nginx
date: Thu, 25 Jul 2019 18:46:51 GMT
content-type: text/html
content-length: 2337
last-modified: Tue, 02 Jul 2019 14:21:25 GMT
vary: Accept-Encoding
etag: "5d1b6865-921"
content-security-policy: default-src 'self'; font-src 'self'; script-src 'self'; style-src 'self'
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
accept-ranges: bytes