Issue HSTS issue with www forward

[klowet]

Server operating system version

Debian 11

Plesk version and microupdate number

18.0.46

Hi

I have a question / problem with the SSL-IT HSTS implementation. When I test the hosted websites on ssllabs.com, then the result is that HSTS is not configured and OCSP stapling is not active. When I test on hstpreload.org, I get two errors:

Error: No HSTS header

Response error: No HSTS header is present on the response.

Error: HTTP redirects to www first

`http://example.com` (HTTP) should immediately redirect to `https://example.com` (HTTPS) before adding the www subdomain. Right now, the first redirect is to `https://www.example.com`. The extra redirect is required to ensure that any browser which supports HSTS will record the HSTS entry for the top level domain, not just the subdomain.

 

[IgorG]

Please check your domain with the following command:

# curl -s -D- https://domain.com | grep -i Strict
strict-transport-security: max-age=63072000; includeSubDomains

If you see the same output, that means HSTS is really enabled for your domain.

 

[klowet]

There is no output.
Without strict: 301 Moved Permanently. And a location header to forward to the domain including www.