HSTS - Enhances the security of the website's visitors by prohibiting web browsers from accessing the website via insecure HTTP connections. If visitors are unable to connect via HTTPS, your website will become unavailable.
OCSP Stapling - Enhances the privacy of the website's visitors and improves the website's performance. The web server will request the status of the website's certificate (can be good, revoked, or unknown) from the CA instead of the visitor's browser doing so.
DracoBlue HSTS
You can always set HSTS using htaccess / nginx config
For HSTS you can add this line in .htaccess:
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
For OCSP Stapling, I have never heard of this before. I found steps here https://www.ssldragon.com/blog/ocsp-stapling/#enable-ocsp-stapling
Andreas Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Be very careful using preload and make sure you know what it means and that you are aware of the potential problems before you do. I'd also recommend starting with a lower max-age and testing before putting a long one.
John-P Thanks for the feedback. I will look into this more. Do you have any recommendations or suggestions on this?
Andreas I found this helpful resource guide: https://certera.com/blog/what-is-ocsp-stapling-or-ssl-stapling-a-detailed-guide/. As I was getting the error, I followed the steps. Maybe it will be helpful.
What a rabbit hole I just went down with this and security headers.
This might be a useful resource: https://cheapsslweb.com/resources/what-is-hsts-certificate
I just followed these steps and I got relief from this HSTS issue!
Perhaps they could also add an option to include the ca_bundle if they are using custom certificates.
I assume most websites on enhance panels are using free Let's Encrypt certificates.
Just so everyone's aware, Let's Encrypt has ended support for OCSP.