The “Strict-Transport-Security” HTTP header is not set to at least “15552000”

The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS

Edit your Apache vHost file configuration for NextCloud. If you have two (one for port 80, the other for port 443), then edit both

Right under the first block that contains the ServerAdmin, DocumentRoot, ServerName, and ServerAlias details, add another line with the below:

Header always set Strict-Transport-Security “max-age=63072000; includeSubDomains”

Save and close the configuration files

Restart the Apache web server

sudo systemctl restart apache2

Refresh the settings page in NextCloud and that alert message should now be removed.