-
Once full-HTTPS has been in place for a while, we should enable Strict Transport Security, using:
```
Strict-Transport-Security: max-age=31536000; includeSubDomains;
```
We should only add this once…
mvl22 updated
9 years ago
-
- Site: [https://aqemia.admida0ui.de](https://aqemia.admida0ui.de)
**New Alerts**
- **Content Security Policy (CSP) Header Not Set** [10038] total: 5:
- [https://aqemia.admida0ui.de/](https:…
-
Possible HTTP headers:
```
Strict-Transport-Security: max-age=10886400
Strict-Transport-Security: max-age=10886400; includeSubDomains
```
This should be sent both on non-SSL responses (e.g. redirect…
-
**Is your feature request related to a problem? Please describe.**
Add the ability to set/add Strict-Transport-Security which would add the required headers and values to requests
**Describe the s…
-
Hi, I encountered a Nessus Scan issue stating HSTS Missing From HTTPS Server (RFC 6797) from EPR hosting on Podman.
Podman Version: 4.20
EPR Version: 8.6.1
RHEL Version: 9.1
Is there anyway i ca…
-
I'm trying to activate HTTP Strict Transport Security (HSTS) by following [NGINX's official approach](https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/).
As I understand it,…
-
Issue Level: Moderate
First Discovered: 1/22/2022
Remediation Date: 4/22/2022
-
## Environment & Version
### Environment
- [x] docker compose
- [ ] kubernetes
- [ ] docker swarm
### Version
- Version: 2.0
## Description
Currently Mailu adds `Strict-Transport-Sec…
-
Fresh install of 25f725d67a6d2542cd586ab7c56baca572eb4f88 .
Using the provided nginx conffile from installation instructions results in an invalid duplication of `strict-transport-security` :
…
-
Cloudsec report: https://github.com/mozilla-services/cloudsec/wiki/Latest-shavar.services.mozilla.com
MDN article: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Securit…