AnsweredAssumed Answered

Problem with HSTS (HTTP Strict Transport Security) on nginx

Question asked by icnseo on Mar 12, 2014
Latest reply on Mar 13, 2014 by icnseo

Hello there.

 

This is my SSL Labs result page : https://www.ssllabs.com/ssltest/analyze.html?d=cloud.icnseo.com .

 

The problem that i noticed is :

 

Strict Transport Security (HSTS)Unknown

 

But when i request the headers here is the result

 

HTTP Response Headers:

NameValue
Status
HTTP/1.1 200 OK
Server
nginx/1.4.6
Date
Wed, 12 Mar 2014 16:29:08 GMT
Content-Type
text/html
Connection
keep-alive
X-Powered-By
PHP/5.5.9-1+sury.org~precise+1
Set-Cookie
oc7d8d9d20e8=9i581haj5hom1ns93khc3n3pu3; path=/; HttpOnly
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Strict-Transport-Security
max-age=15768000; includeSubDomains
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Frame-Options
Sameorigin
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *
Content-Encoding
gzip

 

I have this line in my nginx.conf

 

add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";

 

Any ideas from where this "Unknown" problem comes ?

Outcomes