Remediation Steps

Follow the steps below to remediate this finding on an Apache web server.

  1. Ensure mod_headers is enabled:

    sudo a2enmod headers

  2. Add to your HTTPS VirtualHost or apache2.conf:

    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  3. Reload Apache:

    sudo systemctl reload apache2
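
To confirm the header is actually served after the reload, the following added example (not part of the original page) checks a dump of response headers against the policy from step 2. The function name `check_hsts`, the sample responses and the placeholder hostname in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check_hsts reads HTTP response headers on stdin and returns 0
# only if Strict-Transport-Security matches the policy set in step 2.
# Live use (placeholder hostname): curl -sI https://www.example.com/ | check_hsts
check_hsts() {
    tr -d '\r' | awk -v min="${1:-31536000}" '
        # Header names are case-insensitive; only the first HSTS header counts.
        !found && tolower($0) ~ /^strict-transport-security:/ {
            found = 1; age = -1
            sub(/^[^:]*:[ \t]*/, "")
            n = split(tolower($0), d, ";")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", d[i])
                if (d[i] ~ /^max-age=/) {
                    v = d[i]; sub(/^max-age=/, "", v); gsub(/"/, "", v)
                    if (v ~ /^[0-9]+$/) age = v + 0
                } else if (d[i] == "includesubdomains") subs = 1
                else if (d[i] == "preload") preload = 1
            }
        }
        END {
            if (!found)        { print "FAIL: header missing"; exit 1 }
            if (age < min + 0) { print "FAIL: max-age " age " below " min; exit 1 }
            if (!subs)         { print "FAIL: includeSubDomains missing"; exit 1 }
            if (!preload)      { print "FAIL: preload missing"; exit 1 }
            print "OK: max-age=" age "; includeSubDomains; preload"
        }'
}

# Constructed sample responses (not captured from a real server).
SAMPLE_OK='HTTP/1.1 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload'
SAMPLE_WEAK='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300'

printf '%s\n' "$SAMPLE_OK" | check_hsts
printf '%s\n' "$SAMPLE_WEAK" | check_hsts || echo "weak sample rejected as expected"
```

Because the directive in step 2 uses `Header always set`, the header should also appear on error responses, so it is worth running the same check against a URL that returns a 404.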