HSTS can only be applied on the HTTPS (port 443) VirtualHost, not on port 80. Since your Apache config only has a port 80 vhost, you’ll need to either locate or create a <VirtualHost *:443> block. Inside that, add:

    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

Then enable SSL modules (a2enmod ssl headers), reload Apache, and the scan should detect HSTS correctly. If nothing exists for 443, it’s safe to create a new VirtualHost for your mailman site. I found one helpful guide at: https://cheapsslweb.com/resources/how-to-fix-the-hsts-missing-from-https-server-error. Hope it helps!
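
The layout described in the message above, as an added example that is not part of the original post: a port 80 vhost that only redirects, and a port 443 vhost that carries the header. The hostname lists.example.org and the certificate paths are placeholders to be replaced with the site's own values.

```apache
# Constructed example: hostname and certificate paths are placeholders.

<VirtualHost *:80>
    ServerName lists.example.org

    # Browsers ignore Strict-Transport-Security received over plain HTTP
    # (RFC 6797), so this vhost does nothing except send clients to HTTPS.
    Redirect permanent / https://lists.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName lists.example.org

    # Requires mod_ssl (a2enmod ssl).
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/lists.example.org.fullchain.pem
    SSLCertificateKeyFile /etc/ssl/private/lists.example.org.key

    # Requires mod_headers (a2enmod headers). Left outside <IfModule> on
    # purpose: if the module is missing, the config test fails instead of
    # the header being silently dropped.
    # "always" adds the header to error and redirect responses as well,
    # not only to successful ones.
    # includeSubDomains extends the policy to every subdomain of this
    # host, so each of them must already be reachable over HTTPS.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

    # The site's existing directives (proxying, aliases, static files)
    # from the old port 80 vhost belong here.
</VirtualHost>
```

Run apachectl configtest before reloading, then confirm the header is present in the response to curl -sI https://lists.example.org/ (with the real hostname substituted).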
