Hi,
This should be added on your Apache configuration, either global or host-based for SSL website.
<VirtualHost IP:443>
...
...
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</VirtualHost>
After making changes to Apache config(s), it must be reloaded using UI or the following command:
systemctl restart apache2
Moreover, this change will require you to have enabled headers Apache module as well. This can be done by running:
a2enmod headers && systemctl restart apache2
… or using Servers ⇾ Apache Webserver: Configure Apache Modules page:
