I have Nextcloud issue with “Strict-Transport-Security” message. I added in Hestia CP apache conf file next:

<IfModule mod_headers.c>
     Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
     <VirtualHost *:443>
           ServerName nextcloud.mydomain.com

Nothing is changed. Anybody know how to fix it?

Create a file in

With the contents:

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

I did, but no changes. Same warning.

Solved. Hestia have in dashboard checkbox for this settings.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.