
Knowledge Doc: HSTS Missing from HTTPS server on COSO side

How to add HSTS to the HTTPS server

Environment

OPTIC Management Toolkit (OMT) 2021.11

Situation

HSTS is missing from the HTTPS server.

Cause

The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

For the resolution, please refer to the complete knowledge document.
