Remediation Steps

Follow the steps below to remediate this finding on an Apache web server.

  1. Make sure that the headers module is loaded:

    sudo a2enmod headers

  2. Add the following code to the apache2.conf file:

    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    </IfModule>
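
To confirm the remediation once Apache has been restarted with the new configuration, the response headers can be checked against the policy set above. The script below is an added example, not part of the original page: the function names `check_hsts` and `check_response` and the sample response are constructed for illustration. It also flags a response that carries more than one Strict-Transport-Security header.

```shell
#!/bin/sh
# Added example (not from the original page): verify that a response carries
# exactly one HSTS header matching the policy configured above.

# check_hsts VALUE: print "ok" and return 0 only if VALUE contains
# max-age >= 31536000, includeSubDomains and preload.
check_hsts() {
    max_age="" has_sub=0 has_preload=0
    old_ifs=$IFS; IFS=';'; set -f            # split on ';' without globbing
    for directive in $1; do
        # Directive names are case-insensitive; drop spaces and quotes.
        d=$(printf '%s' "$directive" | tr -d ' \t"' | tr 'A-Z' 'a-z')
        case $d in
            max-age=*)         max_age=${d#max-age=} ;;
            includesubdomains) has_sub=1 ;;
            preload)           has_preload=1 ;;
        esac
    done
    set +f; IFS=$old_ifs
    case $max_age in
        ''|*[!0-9]*) echo "max-age missing or not numeric"; return 1 ;;
    esac
    [ "$max_age" -ge 31536000 ] || { echo "max-age below 31536000: $max_age"; return 1; }
    [ "$has_sub" -eq 1 ] || { echo "includeSubDomains missing"; return 1; }
    [ "$has_preload" -eq 1 ] || { echo "preload missing"; return 1; }
    echo "ok"
}

# check_response: read raw response headers on stdin (for example the output
# of `curl -sI`), require exactly one HSTS header, then validate its value.
check_response() {
    headers=$(tr -d '\r' | grep -i '^strict-transport-security:' || true)
    count=$(printf '%s\n' "$headers" | grep -c . || true)
    [ "$count" -eq 1 ] || { echo "expected exactly one HSTS header, found $count"; return 1; }
    check_hsts "${headers#*:}"
}

# Constructed sample response headers (not captured from a real server).
SAMPLE_RESPONSE='HTTP/1.1 200 OK
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload'

printf '%s\n' "$SAMPLE_RESPONSE" | check_response   # prints "ok"
```

Against a live site, pipe the output of `curl -sI` for the site's HTTPS URL into `check_response`.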