Binara-Prabhanga / AcademyNet

Strict-Transport-Security Header Not Set #25

Closed Vihitha-Wijerathne closed 1 month ago

Vihitha-Wijerathne commented 1 month ago

Description: The application is missing the HTTP Strict Transport Security (HSTS) header, which is crucial for enforcing secure HTTPS connections. Without this header, the application is vulnerable to man-in-the-middle attacks, compromising user data and security.

Proposed Fix: Implement the Strict-Transport-Security header in our server configuration to ensure that browsers interact with our server only via secure HTTPS connections.

Vihitha-Wijerathne commented 1 month ago

Successfully resolved the security issue by adding the Strict-Transport-Security header.
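
A check for the header this issue tracks, as an added example that is not part of the issue thread or the AcademyNet code base: it parses a Strict-Transport-Security value following RFC 6797 and reports missing, invalid or weak settings. The function names, the finding labels, the 180-day floor and the sample responses are assumptions constructed for illustration.

```python
MIN_MAX_AGE = 15552000  # assumed policy floor (180 days), not a value from the issue

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns a dict keyed by lowercased directive name, or None when the
    value is invalid and a browser would therefore not apply it."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name, val = name.strip().lower(), val.strip()
        if not name:
            continue  # empty segment, e.g. a trailing ';'
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # max-age may be sent as a quoted-string
        if name in directives:
            return None  # a directive must not appear more than once
        directives[name] = val
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None  # max-age is required and must be a non-negative integer
    directives["max-age"] = int(age)
    return directives

def audit(scheme, headers):
    """headers is a list of (name, value) pairs from one response.
    Returns a list of finding labels; an empty list means no finding."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if scheme != "https":
        # Browsers ignore HSTS on plain HTTP, so the header gives no protection there.
        return ["ignored-over-http"] if values else []
    if not values:
        return ["missing"]
    findings = ["multiple-headers"] if len(values) > 1 else []
    policy = parse_hsts(values[0])  # only the first header is processed
    if policy is None:
        return findings + ["invalid"]
    if policy["max-age"] == 0:
        findings.append("max-age-zero-disables-hsts")
    elif policy["max-age"] < MIN_MAX_AGE:
        findings.append("max-age-below-floor")
    if "includesubdomains" not in policy:
        findings.append("no-includeSubDomains")
    return findings

if __name__ == "__main__":
    # Constructed sample responses: the state reported in the issue, then a fixed one.
    before = [("Content-Type", "text/html")]
    after = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]
    print("before:", audit("https", before))
    print("after: ", audit("https", after))
```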