
Please fix HSTS detection

Question asked by Gaspard d'Hautefeuille on Aug 15, 2015
Latest reply on Jan 8, 2016 by Matthew Ames

Hi,

 

According to RFC 7230, "each header field consists of a case-insensitive field name followed by a colon (":"), optional leading whitespace, the field value, and optional trailing whitespace."

I migrated from nginx to the h2o web server. At the moment, only the second-level domain gitnote.eu is configured (the TLDs and other SLDs are not yet configured). For HSTS, I added in h2o.conf: header.add: "strict-transport-security: max-age=15724800; includeSubDomains" but it seems that SSL Labs only supports the HSTS header in the common uppercase writing: Strict-Transport-Security. So, I ask you to support the lowercase writing.

 


HSTS is not detected even if HSTS is enabled.

 


Could you please fix HSTS detection?

 

Thanks.
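The check described in the post above, as an added example that is not part of the original post and not SSL Labs' code: a header scan that matches the field name case-insensitively per RFC 7230 and then parses the HSTS directives per RFC 6797. The function names and the sample response are constructed for illustration; only the header value is taken from the post.

```python
def parse_hsts(value):
    """Parse an HSTS field value; return a policy dict, or None if invalid."""
    policy = {"max_age": None, "include_subdomains": False}
    seen = set()
    for directive in value.split(";"):
        directive = directive.strip(" \t")
        if not directive:
            continue
        key, _, arg = directive.partition("=")
        key = key.strip(" \t").lower()   # directive names are case-insensitive
        if key in seen:
            return None                  # RFC 6797: a directive may appear only once
        seen.add(key)
        arg = arg.strip(" \t")
        if len(arg) >= 2 and arg[0] == '"' and arg[-1] == '"':
            arg = arg[1:-1]              # quoted-string form of the value
        if key == "max-age":
            if not (arg.isascii() and arg.isdigit()):
                return None
            policy["max_age"] = int(arg)
        elif key == "includesubdomains":
            policy["include_subdomains"] = True
        # unknown directives are ignored
    return policy if policy["max_age"] is not None else None


def find_hsts(raw_headers):
    """Return the HSTS policy from a raw HTTP/1.1 header block, or None."""
    for line in raw_headers.split("\r\n"):
        name, sep, value = line.partition(":")
        if not sep:
            continue                     # status line or blank line
        # RFC 7230: the field name is case-insensitive
        if name.lower() != "strict-transport-security":
            continue
        # RFC 6797: only the first HSTS field in a response is processed
        return parse_hsts(value.strip(" \t"))
    return None


# Constructed sample response using the lowercase header from the post.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "server: h2o\r\n"
    "strict-transport-security: max-age=15724800; includeSubDomains\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print(find_hsts(SAMPLE))
```

A scanner that compares the raw field name against the literal `Strict-Transport-Security` would report no policy for `SAMPLE`, while the lowercased comparison finds it.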
