Remediation Steps

Follow the steps below to remediate this finding on Plesk.

1. Log in to the Plesk control panel.

2. Navigate to Domains > your domain > Apache & nginx Settings.

3. Under "Additional nginx directives", add:

   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

4. Alternatively, under "Additional Apache directives", add:

   Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

5. Click Apply.