I have a set up an instance of opencart using nginix as server with Comodo SSL certificates. Using the same nginx configuration, if I set the web root to a 'benign' hello-world index.html then I get an 'A+' SSL Check from ssllabs. In particular that means nginx is issuing a strict transport security header HSTS.
If I change the web root to the opencart root directory the SSL check reverts to only an 'A' and the HSTS header is no longer being issued.
I am running PHP Version 5.6.30-0+deb8u1 on nginx version 1.6.2 and opencart is Version 2.3.0.3_rc with no modifications.
It appears that php or opencart is somehow disabling the HSTS header configured in nginx. I'd like to ensure it's issued, so any assistance appreciated.
Who is online
Users browsing this forum: No registered users and 155 guests