I have enabled the HSTS security setting from my Cloudflare account, but my website has still failed a security audit for this reason: HSTS Missing From HTTPS Server (RFC 6797). Please help me with this.

The major issue is this: HSTS Missing From HTTPS Server (RFC 6797). Help me to sort out this issue.

Is the hostname you are testing configured as :orange:?

Can you share the hostname, and a screenshot of the HSTS settings for this domain?

Hostname is herbalcart.com!

Is the hostname you are testing configured as :orange:?
I have just configured it via IP address, and it's working as well!

See the settings below that I have set for HSTS:

HTTP Strict Transport Security (HSTS)

Enforce web security policy for your website.

Status: On
Max-Age: 12 months
Include subdomains: On
Preload: On

You are using Shopify, so the HSTS header that is seen is theirs, with a 90 day max-age.

What exactly does your report say?
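
The mismatch described in the reply above (dashboard set to 12 months with subdomains and preload, while the header actually served carries a 90 day max-age) can be confirmed by parsing the `Strict-Transport-Security` header in the response itself. This is an added example, not part of the original thread; the sample response head and the `EXPECTED` values are constructed, taking 12 months as 31536000 seconds and 90 days as 7776000 seconds.

```python
import re

# RFC 6797 section 6.1: directive = token [ "=" ( token | quoted-string ) ]
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
_DIRECTIVE = re.compile(rf'({_TOKEN})(?:\s*=\s*("[^"]*"|{_TOKEN}))?')

# Constructed values: what the dashboard in the thread is set to (assumed seconds).
EXPECTED = {"max_age": 31536000, "include_subdomains": True, "preload": True}
# Constructed response head standing in for what the origin platform returns.
SAMPLE = "HTTP/2 200\r\ncontent-type: text/html\r\nstrict-transport-security: max-age=7776000\r\n"

def parse_hsts(value):
    """Parse one header value; return a policy dict, or None if it is invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives
        m = _DIRECTIVE.fullmatch(part)
        if not m:
            return None
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in seen:
            return None  # a directive must not appear more than once
        seen[name] = (m.group(2) or "").strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None  # max-age is required and must be delta-seconds
    # "preload" is not defined by RFC 6797; browsers ignore it, preload lists require it.
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen,
            "preload": "preload" in seen}

def audit(raw_head, expected):
    """Compare the first HSTS header in a raw response head with the expected policy."""
    values = [line.split(":", 1)[1].strip() for line in raw_head.splitlines()
              if line.lower().startswith("strict-transport-security:")]
    if not values:
        return ["HSTS header missing"]
    policy = parse_hsts(values[0])  # user agents process only the first header
    if policy is None:
        return ["HSTS header malformed"]
    return [f"{k}: served {policy[k]!r}, expected {expected[k]!r}"
            for k in expected if policy[k] != expected[k]]

if __name__ == "__main__":
    for finding in audit(SAMPLE, EXPECTED):
        print(finding)
```
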

Yes, using Shopify. See the screenshot below.

[Image: Screenshot 2023-02-12 at 4.49.40 PM]

Thanks in advance!
