Facetorushikesh / issue_demo

Fix DAST Issue : Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec) #202

Closed Facetorushikesh closed 3 months ago

Facetorushikesh commented 4 months ago

Scan Date: Wed, 1 May 2024 01:44:12

URLs Impacted:

DAST Scan Results

| CWE ID | Severity | Description | Location | Evidence | Solution |
| --- | --- | --- | --- | --- | --- |
| [319](https://cwe.mitre.org/data/definitions/319.html) | Low | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | **Method:** GET **Parameter:** | | Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header. |

Facetorushikesh commented 4 months ago

Scan Date: Wed, 1 May 2024 01:44:12

URLs Impacted:

DAST Scan Results

| CWE ID | Severity | Description | Location | Evidence | Solution |
| --- | --- | --- | --- | --- | --- |
| [319](https://cwe.mitre.org/data/definitions/319.html) | Low | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | **Method:** GET **Parameter:** | | Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header. |