Menu
I am getting this warning in firebug when adding HSTS header.
The site specified an invalid Strict-Transport-Security header.
here is my htaccess
<IfModule mod_headers.c>
Header append X-FRAME-OPTIONS: SAMEORIGIN
Header append Strict-Transport-Security: 'max-age=31536000; includeSubDomains'
</IfModule>
When I remove quotes from the value I get Internal Server Error.
Website is being served through https, redirect from http to https is set from apache's site file. SSL certificate is self-signed, if it matters.
mod headers is enabled. Im on debian 7, apache 2.2.
Thanks
335
As @jhutar mentioned in comments, similarly in my case as I set up the site on the main domain with trusted SSL certificate the problem disappeared. So, the firebug is showing that error only for self-signed(and/or not-trusted) SSL certificates.
152
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
