AnsweredAssumed Answered

HSTS Not Working - Nginx Location

Question asked by Raj R on Feb 26, 2015
Latest reply on Aug 25, 2016 by Iván Eixarch

Hello, following is my nginx config. I am unable to get A+. Test reports that HSTS is No, even though it is configured!  Here is my test result

 

Any help would be highly appreciated. Thanks!

 

server {

  listen 443;

  ssl on;

  ssl_certificate <<cert path>>;

  ssl_certificate_key <<key path>>;

  add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload';

  add_header X-Frame-Options DENY;

  ssl_prefer_server_ciphers on;

  ssl_ciphers "AES256+EECDH:AES256+EDH";

  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

  ssl_session_cache shared:SSL:10m;

  ssl_session_timeout 10m;

  keepalive_timeout 70;

  resolver 8.8.8.8 8.8.4.4 valid=300s;

  resolver_timeout 5s;

  server_name <<mydomain>>;

Outcomes