HTACCESS Error: No HSTS header Response error: No HSTS header is present on the response.

Question

HTACCESS Error: No HSTS header Response error: No HSTS header is present on the response.

vikasmantute opened this issue 6 years ago · 2 comments

I have address this .HTACCESS Code,
<IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS </IfModule> <IfModule mod_rewrite.c>

but still showing.
Error: No HSTS header
Response error: No HSTS header is present on the response.

Answer 1 · 2018-04-24T19:22:46.000Z

When I checked in devtools, I see that the request to https://fractovia.org does not have the header, but https://www.fractovia.org does. That first https request needs to have the HSTS header.

I can't help with the details of your server configuration, but since it looks like you're using cloudflare, I'd suggest looking at https://support.cloudflare.com/hc/en-us/articles/204183088-Does-Cloudflare-offer-HSTS-HTTP-Strict-Transport-Security-.

Answer 2 · 2018-04-24T20:03:09.000Z

@nharper's diagnosis looks correct to me.

In addition, I recommend leaving out the <IfModule> guards, so that your server will not silently drop the header if the mod_headers.c is not present for some reason.