[Solved] Strict-transport-security in doble declaration


I have used https://securityheaders.com to test my site, I have this warning:

There was a duplicate Strict-Transport-Security header.

I don’t know from where the max-age is declared to 1000 but I suppose it’s a Hestia problem, and not a Drupal problem (I have inspect the .htaccess too).

Thanks for your advice.

When you enable HSTS in Hestia, it adds this header to Nginx conf:

add_header Strict-Transport-Security "max-age=31536000;" always;

I would double check again your Drupal’s conf and the modules you are using.

grep -ri 'header.*strict-transport' /home/YourUser/conf/web/YourDomain/
grep -ri 'header.*strict-transport' /home/YourUser/web/YourDomain/

Solved. The value ‘1000’ was declared in Seckit.

Thanks a lot.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.