Forum
Notifications
Clear all
Topic starter
08/09/2025 2:02 pm
Hello,
Is it possible to enable HSTS on the web UI (default port 444)? Our Nessus scanner is flagging the WebUI for not having HSTS and I have not found an option to enforce it. I suspect I could to it directly from Debian, but I wanted to check here first in case the direct method breaks things.
Thanks,
09/09/2025 1:28 pm
Good day, HSTS is based in a Hedear replied by the server with a similar content as follow:
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Currently we can't modify headers in our cherokee web server, modification headers plugin is not integrated, as soon we fix we will let you know.
Regards!
Topic starter
03/02/2026 5:52 am
Hello, Any update on this?
03/02/2026 9:04 am
Good day,
Could you try adding this configuration option to the Cherokee config file and restarting the daemon?
vserver!1!hsts = 1
This option should add the HSTS header.
Thank you!
Topic starter
03/02/2026 6:25 pm
Can you please provide a bit more specificity, so I am sure I'm editing the right file and don't break anything, thanks.
This post was modified 3 months ago by radiocooke
03/02/2026 6:44 pm
The directive indicated by Antonio should be tested in file:
/usr/local/skudonet/app/cherokee/etc/cherokee/cherokee.conf
You should enter the new line
vserver!1!hsts = 1
In the section vserver, i.e:
.
.
server!tls!protocol!TLSv1 = 0
server!tls!protocol!TLSv1_1 = 0
server!user = root
vserver!1!directory_index = index.html
vserver!1!hsts = 1
vserver!1!document_root = /usr/local/skudonet/www
vserver!1!error_writer!filename = /var/log/cherokee-error.log
vserver!1!error_writer!type = file
.
.
Once you add the indicated directive, restart Cherokee:
/etc/init.d/cherokee stop
/etc/Init.d/cherokee start
Regards.
Topic starter
03/02/2026 7:01 pm
This appears to be working, thank you very much!
03/02/2026 7:09 pm
Awesome! Thanks for the confirmation.
