deewinc
Currently we have no relevant settings, you need to manually modify the configuration file
Nginx:

Apache:
Not set by default

In addition, the perload parameter is not added by default

      Thanks for that. But I'm not the one who added it. Any domain or subdomain that I add it appears by default

      aaPanel_Jose @aapanel_sniper

      I have realized that it's added when you request for SSL.

      Any domains without an SSL don't have the security headers.

      Please fix it and remove "preload" on HSTS

        10 months later

        x3inspire
        Hello, add the following to the configuration file of the website and restart OLS: Please backup before modifying

        context / {
        allowBrowse 1
        extraHeaders Strict-Transport-Security "max-age=31536000; includeSubDomains;preload"
        rewrite {
        }
        addDefaultCharset off
        phpIniOverride {
        }
        }

            2 years later

            aaPanel_Kern Hello, whatever I do, it doesn't get disabled. I also removed the HSTS code. Do you suggest that the problem might be due to nginx 1.22?
            I have Debian 11

              aaPanel_Kern
              Please tell me if it's not adjustable so I can stop doing the various settings because I'm confused

              I saw that you asked someone before
              Did you activate web speed? Yes, I activated it and then deleted web speed

              Content-Type: text/html; charset=UTF-8
              Connection: close
              X-Redirect-By: WordPress
              Location: https://domain.com/
              Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
              X-Cache: HIT From domain.com
              Cache-Control: max-age=0
              Nginx-Cache: HIT
              Last-Modified: Monday, 15-Jan-2024 16:18:15 GMT
              X-Frame-Options: SAMEORIGIN
              X-Content-Type-Options: nosniff
              X-XSS-Protection: 1; mode=block

                  Hello, you need to test this yourself. Do you use incognito mode to access? Do you want to restart nginx after modifying the configuration?

                  shahinsafari

                      aaPanel_Kern 1- no 2- yes

                      See, I removed it from this section, but it does not apply
                      add_header Strict-Transport-Security "max-age=63072000;";

                        aaPanel_Kern
                        Hello, I thank God
                        My problem is solved

                        See, I deleted the site without deleting the database and root, I rebuilt the site, but I did not do this from the Wordpress deploy section, is there a problem?

                        2- Could I do the same thing I did using the Wordpress deploy method?

                          @aaPanel_Kern
                          I also put it with the Wordpress deploy method, thank you

                          Put the possibility of deleting and editing in the aapanel forum so that when the problem is solved, we will delete the article so that it does not take up your time

                            aaP_syedsabahathussain
                            Hello, sorry, I replied late, my server exploded 🤣

                            Your site may not be redirected correctly

                            or ssl is not activated correctly, re-enable the ssl certificate

                              2 months later
                              Connect with us: 📨 Telegram 💬 Discord Email: support@aapanel.com