The HSTS directive is always set even in non ssl case

Question

ojullien opened this issue 6 years ago · 2 comments

The HTTP Strict Transport Security directives should not be in the server conf but in the ssl vhost.

Answer 1 · 2020-02-04T17:09:20.000Z

The HTTP page still sends an HSTS header.

The HSTS directive is still in the conf-available/zzz-ssl.conf file.

Answer 2 · 2020-02-04T17:44:51.000Z

My mistake, checking wrong version.