Vihitha-Wijerathne
commented
1 month ago Successfully resolved security issue by adding strict transport security header
Closed Vihitha-Wijerathne closed 1 month ago
Vihitha-Wijerathne
commented
1 month ago Successfully resolved security issue by adding strict transport security header
Description: The application is missing the HTTP Strict Transport Security (HSTS) header, which is crucial for enforcing secure HTTPS connections. Without this header, the application is vulnerable to man-in-the-middle attacks, compromising user data and security.
Proposed Fix: Implement the Strict-Transport-Security header in our server configuration to ensure that browsers interact with our server only via secure HTTPS connections.