The “Strict-Transport-Security” HTTP header is not set to at least “15552000”

The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS.

Edit your Apache vHost configuration file for Nextcloud. If you have two (one for port 80, the other for port 443), then edit both.

Right under the first block that contains the ServerAdmin, DocumentRoot, ServerName, and ServerAlias details, add the following line:

Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

Save and close the configuration files.

Restart the Apache web server:

sudo systemctl restart apache2

Refresh the settings page in Nextcloud and that alert message should now be removed.
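
To confirm the header from the command line as well, the following added example (not part of the original post) parses a block of response headers and checks that max-age meets the 15552000-second minimum. The function names hsts_max_age and hsts_ok, the sample responses, and the hostname cloud.example.com are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: check an HSTS header against the Nextcloud minimum.
MIN_MAX_AGE=15552000   # seconds, the threshold from the warning text

# Print max-age from the first Strict-Transport-Security header in a raw
# header block ($1); return 1 if the header or the directive is missing.
hsts_max_age() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        tolower($0) ~ /^strict-transport-security:/ {
            sub(/^[^:]*:/, "")                 # keep only the header value
            n = split($0, parts, ";")
            for (i = 1; i <= n; i++) {
                d = tolower(parts[i])
                gsub(/[ \t"]/, "", d)          # drop spaces and optional quotes
                if (d ~ /^max-age=[0-9]+$/) {
                    sub(/^max-age=/, "", d); print d; found = 1; exit
                }
            }
            exit                               # only the first header counts
        }
        END { exit (found ? 0 : 1) }'
}

# Succeed only when max-age is present and at least MIN_MAX_AGE.
hsts_ok() {
    age=$(hsts_max_age "$1") || return 1
    [ "$age" -ge "$MIN_MAX_AGE" ]
}

# Constructed sample responses (not captured from a real server).
SAMPLE_GOOD='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=63072000; includeSubDomains'
SAMPLE_SHORT='HTTP/1.1 200 OK
strict-transport-security: max-age=3600'
SAMPLE_MISSING='HTTP/1.1 200 OK
Content-Type: text/html'

for name in SAMPLE_GOOD SAMPLE_SHORT SAMPLE_MISSING; do
    eval "headers=\$$name"
    if hsts_ok "$headers"; then echo "$name: OK"; else echo "$name: FAIL"; fi
done

# Against a live server (cloud.example.com is a placeholder hostname):
#   hsts_ok "$(curl -sI https://cloud.example.com/)" && echo OK
```

Run the live check against the HTTPS URL, since browsers only act on this header when it arrives over a secure connection.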
