Support » Plugin: HTTP Headers » Strict-Transport-Security is on, but is shown as Missing headers

  • Resolved eliaspatrickjr



    I’ve installed the plugin to get the “Strict-Transport-Security” on my site.

    I’ve set up this option with max-age=1 year, and checked the includeSubDomains.

    But when I inspect the headers, the HSTS is still missing.

    My site is hosted in NGINX server.

    Is there any additional configuration that I have to do?


    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Author Dimitar Ivanov


    Hi @eliaspatrickjr

    The recommended way to use the plugin is under the Apache mode (see Advanced settings > Default mode). Since your website is hosted on Nginx server which is not supported yet, you can use the PHP mode which is not a good idea because will not works with most of third party caching plugins.

    The other option is to manually configure the Nginx. You can get the configuration from Manual setup > Nginx tab.

    However, I just inspect your website and I saw the strict-transport-security: max-age=31536000; includeSubDomains in response headers.

    So I guess you’ve resolved already this issue.

    Kind Regards,

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.