Make sure that headers.load is enabled under /etc/apache2/mods-enabled/. It is checked by getting the list of folder contents with the following command.
ls /etc/apache2/mods-enabled/
output of above command
access_compat.load authn_core.load authz_user.load deflate.load filter.load mpm_prefork.conf proxy.conf reqtimeout.load socache_shmcb.load alias.conf authn_file.load autoindex.conf dir.conf headers.load mpm_prefork.load proxy_fcgi.load rewrite.load ssl.conf alias.load authz_core.load autoindex.load dir.load mime.conf negotiation.conf proxy.load setenvif.conf ssl.load auth_basic.load authz_host.load deflate.conf env.load mime.load negotiation.load reqtimeout.conf setenvif.load
The headers.load file may not be enabled. For this, the activation process can be completed by executing the following command.
sudo a2enmod headers
Apache is restarted for the changes to take effect.
sudo systemctl restart apache2
Configure the header settings per website that uses SSL, the configuration file can normally be found in /etc/apache2/sites-enabled/.
sudo nano /etc/apache2/sites-enabled/domain-ssl.conf
Save the final code edits as below and exit.
<VirtualHost *:443> ... Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" ... </VirtualHost>