HSTS - HTTP Strict Transport Security

New Contributor

According to KB40348, HSTS should be enabled in 8.2r6+.
I have tried 8.2r6 and the newest 8.2r7 of PCS.
Neither seems to have the correct term in the HTTP header.
(Strict-Transport-Security: max-age=31536000)

That makes us fail a homeland security check.

What is the true status of this? I have heard 8.3 should fix it, but no concrete data can be found.

Info on HSTS: https://pulse.cio.gov/https/guidance/

Scott
New Contributor

Re: HSTS - HTTP Strict Transport Security

After further testing, what I have found is if I include the entire login URL (including welcome.cgi) the header is there. But if I enter in the root url of the device, the header is not present on the redirect.
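
Added example, not part of the original thread and not vendor code: a per-hop check for the situation described in the post above, where the header is present on the full login URL but absent on the redirect from the root URL. The host name, login path and sample responses are constructed; the 31536000 threshold is the value quoted in the first post.

```python
import re
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if unusable."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in directives:              # a repeated directive invalidates the header
            return None
        directives[name] = arg.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not re.fullmatch(r"\d+", max_age):   # max-age is the one required directive
        return None
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}

def audit_chain(hops, min_age=31536000):
    """hops: list of (url, status, headers). Returns (url, status, verdict) per hop."""
    findings = []
    for url, status, headers in hops:
        hdrs = {k.lower(): v for k, v in headers.items()}
        raw = hdrs.get("strict-transport-security")
        policy = parse_hsts(raw) if raw is not None else None
        if urlsplit(url).scheme != "https":
            verdict = "ignored"             # browsers ignore HSTS sent over plain HTTP
        elif policy is None:
            verdict = "missing"
        elif policy["max_age"] < min_age:
            verdict = "weak"
        else:
            verdict = "ok"
        findings.append((url, status, verdict))
    return findings

# Constructed responses: the root URL redirects without the header,
# the login page (hypothetical path) carries it.
SAMPLE_CHAIN = [
    ("https://vpn.example.test/", 302, {"Location": "/login/welcome.cgi"}),
    ("https://vpn.example.test/login/welcome.cgi", 200,
     {"Strict-Transport-Security": "max-age=31536000"}),
]

if __name__ == "__main__":
    for url, status, verdict in audit_chain(SAMPLE_CHAIN):
        print(f"{status} {url}: HSTS {verdict}")
```

A scanner that only requests the root URL and does not follow the redirect sees the first hop only, which is why every response in the chain is checked.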
Moderator

Re: HSTS - HTTP Strict Transport Security

Please open a ticket; I do not know if it was expected that the non-redirected URLs would have this enabled.
New Member

Re: HSTS - HTTP Strict Transport Security

What was the resolution of this?