Concerns Regarding Strict-Transport-Security Header: Missing 'max-age' Directive in httpd.conf

GusNASA · February 12, 2024, 2:14am

I was examining some console logs and came across the message ‘Strict-Transport-Security: The site specified a header that did not include a ‘max-age’ directive.’ I would like to understand whether this is a communication issue with the browser or if there is a specific rule missing in the httpd.conf file. This type of vulnerability can potentially open a gateway for Man-In-The-Middle attacks.

Website: https://nasatechtechdrive.rf.gd

Thank you in advance for your assistance.

Frank419 · February 12, 2024, 2:21am

Just use

Header set Strict-Transport-Security "<value>"

directive in your /htdocs/.htaccess file to set such header.

Also, online examine tools usually won’t work here:

You’ll need to check with your browser’s dev tools.

GusNASA · February 12, 2024, 2:24am

Thank you very much for your assistance. I will proceed with the necessary changes.

system · February 19, 2024, 2:24am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.