17.2 Enforce Secure HTTPS Browser Connections with Apache

OES uses Apache as the web server for services such as UMC, iManager, and MFA. To enforce HTTPS, the HTTP Strict Transport Security (HSTS) response header must be added to the virtual host configuration.

To enable HSTS, perform the following steps:

  1. In the terminal window, open the file /etc/apache2/vhosts.d/vhost-ssl.conf.

  2. In the <VirtualHost _default_:443> block, add the HSTS header line.

    Example 17-1 Sample HSTS header to enforce HTTPS for two years (max age in seconds)

    Header always set Strict-Transport-Security max-age=63072000

  3. Restart Apache using the systemctl restart apache2 command.
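
To confirm the result of the steps above, the following added example (not part of the OES documentation) checks that an uncommented Strict-Transport-Security header is set inside the port 443 virtual host and that max-age meets a minimum. The function name check_hsts and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the HSTS line from step 2 is active in the :443 block.
# check_hsts FILE [MIN_AGE]  prints a verdict; returns 0 ok, 1 missing, 2 too short
check_hsts() {
    awk -v min="${2:-63072000}" '
        /^[ \t]*#/ { next }                      # commented-out directives do not count
        { line = tolower($0) }                   # Apache directives are case-insensitive
        line ~ /<virtualhost[^>]*:443[ >]/ { in443 = 1; next }
        line ~ /<\/virtualhost>/           { in443 = 0; next }
        in443 && line ~ /header/ && line ~ /strict-transport-security/ {
            if (line ~ /[ \t]unset[ \t]/) next   # a removal, not a set
            age = line
            if (sub(/.*max-age=/, "", age) == 0) next
            sub(/[^0-9].*/, "", age)             # keep only the digits of max-age
            found = 1; best = age + 0
        }
        END {
            if (!found)     { print "MISSING"; exit 1 }
            if (best < min) { print "SHORT max-age=" best; exit 2 }
            print "OK max-age=" best
        }' "$1"
}

# Constructed sample of the vhost file after step 2 (not a real OES config).
write_sample() {
    cat > "$1" <<'EOF'
<VirtualHost _default_:443>
    SSLEngine on
    Header always set Strict-Transport-Security max-age=63072000
    # Header always set Strict-Transport-Security max-age=300
</VirtualHost>
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
check_hsts "$tmp"    # on a server: check_hsts /etc/apache2/vhosts.d/vhost-ssl.conf
rm -f "$tmp"
```

The Header directive is provided by mod_headers, so that module must be loaded for the line to take effect.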

For more information, see the Apache documentation.