The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗
You can enable this yourself, as it is commented out by default in /config/nginx/ssl.conf. It does not come activated by default, because of the implications it gives in circumstances where HSTS is not wanted.
Is there an existing issue for this?
Current Behavior
The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗
Expected Behavior
No warning
Steps To Reproduce
Go to admin dashhoard
Environment
CPU architecture
x86-64
Docker creation
Container logs