HSTS on keycloak

Hello everyone,

I already configure my keycloak to use security headers in REALM, it’s ok, but the headers only show to me on /auth request, in the root URL it’s dont showing. If i use a site to validate HSTS(HTTP Strict Transport Security Header Testing Tool) and put my site http://d-auth.portaldedocumentos.com.br/ the site dont find the header, but if i go on chrome and press f12 i can see the HSTS header… Can anyone help me to allow HSTS on root URL?

Hi @felipe.cesar, how did you eventually solve this? i have the same problem right now.

Thanks!

I simple set this header in the front end apache for the keycloak.
Header setifempty Strict-Transport-Security ...