Concerns Regarding Strict-Transport-Security Header: Missing 'max-age' Directive in httpd.conf

I was examining some console logs and came across the message ‘Strict-Transport-Security: The site specified a header that did not include a ‘max-age’ directive.’ I would like to understand whether this is a communication issue with the browser or if there is a specific rule missing in the httpd.conf file. This type of vulnerability can potentially open a gateway for Man-In-The-Middle attacks.


Thank you in advance for your assistance.

Just use

Header set Strict-Transport-Security "<value>"

directive in your /htdocs/.htaccess file to set such header.

Also, online examine tools usually won’t work here:

You’ll need to check with your browser’s dev tools.


Thank you very much for your assistance. I will proceed with the necessary changes.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.