Hey, i use Ubuntu 18.04 with Ispconfig (newest) and Nginx. I insert add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; in the Options tab on my domain under additional nginx directives, but if i test it on hstspreload.org it tells me Code: The max-age must be at least 31536000 seconds (≈ 1 year), but the header currently only has max-age=0. If you are trying to remove this domain from the preload list, please visit https://hstspreload.org/removal/ but i set it to max-age=31536000? Can anyone help me?
You need preload. Try: Code: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; Restart nginx if necessary.
Not work Code: Error: Max-age is 0 The max-age must be at least 31536000 seconds (≈ 1 year), but the header currently only has max-age=0. If you are trying to remove this domain from the preload list, please visit https://hstspreload.org/removal/ Warning: Unnecessary HSTS header over HTTP The HTTP page at http://example.de sends an HSTS header. This has no effect over HTTP, and should be removed I Think i do anything wrong
Check the generated vhost file if the line is present there. If the site contains a cms, then it might also be that the cms overrides the header .
The Line is in the vhost in /etc/nginx/sites-available And yeah i use a cms, how Can i Check what in the CMS overrides the nginx value
