Questions tagged [strict-transport-security]

14 questions
14 votes, 4 answers

Cookies are not accessible within JavaScript (and the dev tools) but are sent along with XHR requests (no HttpOnly used)

I'm using both a front-end and a back-end application on a different domain with a session-based authorization. I have set up a working CORS configuration, which works as expected on localhost (e.g. from port :9000 to port :8080). As soon as I deploy…
ssc-hrep3
10 votes, 2 answers

For which Content-Types should I set security related HTTP response headers?

I've built a web application (with my favourite language Fantom!) and am in the process of locking it down from XSS and other such attacks by supplying industry standard HTTP response headers. My question is, for which responses should the headers…
6 votes, 1 answer

Header "Strict-Transport-Security" twice in response with Swisscom CloudFoundry application

When using the Swisscom CloudFoundry solution with a Spring Boot application, two Strict-Transport-Security headers are added to an HTTPS response. I have looked into this issue, and found out that several headers are added by the CloudFoundry…
1 vote, 0 answers

Trouble Enabling HttpHeaderSecurityFilter in Tomcat 7.0.82

I have edited the web.xml to enable the HttpHeaderSecurityFilter, added a few params and restarted Tomcat. I'm not seeing Strict-Transport-Security in the response headers. I have performed the same steps on several Tomcat 9 installations with…
1 vote, 1 answer

Spring Strict Transport Security (HSTS) configuration not working

I'm trying to enable HSTS in my Spring Boot application. I've added the following to my WebSecurityConfig (based on Enable HTTP Strict Transport Security (HSTS) with spring boot application): @Configuration @EnableWebSecurity public class…
0 votes, 0 answers

"Strict Transport Security" in Blazor WebAssembly

I have 2 web applications: MVC & Blazor WebAssembly. In the MVC project I was able to set up the application to enforce Strict-Transport-Security by adding the HSTS middleware in the Startup class, following the instructions in Microsoft…
Husam Ebish
0 votes, 0 answers

Trying to add Strict-Transport header to HTML

I'm trying to add the Strict-Transport-Header to my website in HTML. I've used all other HTTP headers fine, but when I use this one I get a 500 error. Any ideas why?
MaximKing
0 votes, 2 answers

How to set http headers in JBoss EAP 6.1

I want to set the HTTP headers for X-Frame-Options and Strict-Transport-Security in JBoss 6.1.0. I have been searching for the proper configuration file to add these headers; I am able to see some procedures for JBoss 6.4 and JBoss 7, but I didn't get…
0 votes, 1 answer

How to examine a list of websites against HSTS headers?

I need to examine a list of websites to check if they support the HSTS policy or not. I grabbed their response headers. However, I am confused now because it appears that HSTS policy subscription can be done through preloaded lists and not only…
qbq
0 votes, 1 answer

How to set the strict transport security header for jetty 9.2.25

I am trying to add the Strict-Transport-Security header to my Jetty server 9.2.25. I have tried to add the rule to my jetty-config.xml, but it does not seem to work.
Suman
0 votes, 1 answer

How to enable HSTS in Play Framework 2.3.x using Scala code?

I have a Play Framework 2.3.6 app running on sbt, using the sbt SSL endpoint, with Scala code... I would like to see the (HSTS) Strict-Transport-Security response header. I am trying locally in Postman using the URL http…
0 votes, 1 answer

What happens if I preload HSTS with an unnecessary HSTS header over HTTP?

The HTTP page at my website sends an HSTS header. This has no effect over HTTP, and should be removed. But what if I decide not to remove the error and preload my website through the HSTS Preload form? What happens?
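The question above about an HSTS header sent over plain HTTP, the earlier one about checking a list of websites for HSTS, and the one about a response carrying two Strict-Transport-Security headers all come down to how a user agent parses and applies the header. The checker below is an added example, not code from any of the posts: it evaluates recorded header values the way RFC 6797 prescribes (the field is ignored over insecure transport, only the first STS field is processed when several are present, max-age is required, a repeated or malformed directive invalidates the whole field) and then lists which of the hstspreload.org header-side requirements (max-age of at least one year, includeSubDomains, preload) are unmet. The hostnames and responses are constructed, and the one-year threshold reflects the preload form's requirement at the time of writing.

```python
"""Evaluate Strict-Transport-Security header values the way a browser does (RFC 6797)
and check them against the header-side rules of the hstspreload.org submission form.
Added example; the hosts and responses below are constructed, not real sites."""
import re
from dataclasses import dataclass, field
from typing import Optional

# hstspreload.org requires a max-age of at least one year at the time of writing.
PRELOAD_MIN_MAX_AGE = 31536000

# RFC 6797 section 6.1: directive = directive-name [ "=" directive-value ]
#                       directive-value = token | quoted-string
# (quoted-pair escapes inside quoted-string are omitted here)
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
_DIRECTIVE_RE = re.compile(rf'^\s*({_TOKEN})\s*(?:=\s*(?:"([^"]*)"|({_TOKEN})))?\s*$')


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool  # not part of RFC 6797; read by the preload-list submission form


@dataclass
class HstsReport:
    policy: Optional[HstsPolicy]  # None when a UA would apply no policy at all
    notes: list[str] = field(default_factory=list)
    preload_blockers: list[str] = field(default_factory=list)

    @property
    def preload_ready(self) -> bool:
        return self.policy is not None and not self.preload_blockers


def parse_sts_value(value: str) -> tuple[Optional[HstsPolicy], list[str]]:
    """Parse one field value. Returns (policy, notes); policy is None when a UA
    must ignore the field (missing max-age, repeated or malformed directive)."""
    seen: dict[str, Optional[str]] = {}
    for raw in value.split(";"):
        if not raw.strip():
            continue  # the ABNF permits empty directive slots
        m = _DIRECTIVE_RE.match(raw)
        if not m:
            return None, [f"malformed directive {raw.strip()!r}; whole field ignored"]
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in seen:
            return None, [f"directive {name!r} appears twice; whole field ignored"]
        seen[name] = m.group(2) if m.group(2) is not None else m.group(3)
    max_age = seen.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None, ["max-age missing or not delta-seconds; field ignored"]
    if "includesubdomains" in seen and seen["includesubdomains"] is not None:
        return None, ["includeSubDomains is valueless; field ignored"]
    return HstsPolicy(int(max_age), "includesubdomains" in seen, "preload" in seen), []


def evaluate_response(secure: bool, sts_values: list[str]) -> HstsReport:
    """Apply RFC 6797 section 8.1 to the STS field(s) of one response, then the preload rules."""
    if not secure:
        note = "STS header over plain HTTP is ignored" if sts_values else "plain HTTP response"
        return HstsReport(None, [note], ["policy must be served over HTTPS"])
    if not sts_values:
        return HstsReport(None, ["no Strict-Transport-Security header"], ["no HSTS policy"])
    notes: list[str] = []
    if len(sts_values) > 1:
        notes.append(f"{len(sts_values)} STS fields present; only the first is processed")
    policy, parse_notes = parse_sts_value(sts_values[0])
    notes += parse_notes
    if policy is None:
        return HstsReport(None, notes, ["no valid HSTS policy"])
    blockers: list[str] = []
    if policy.max_age < PRELOAD_MIN_MAX_AGE:
        blockers.append(f"max-age {policy.max_age} below {PRELOAD_MIN_MAX_AGE}")
    if not policy.include_subdomains:
        blockers.append("includeSubDomains missing")
    if not policy.preload:
        blockers.append("preload directive missing")
    return HstsReport(policy, notes, blockers)


# Constructed sample: host -> (received over TLS?, STS field values in response order)
SAMPLE_RESPONSES: dict[str, tuple[bool, list[str]]] = {
    "a.example": (True, ["max-age=31536000; includeSubDomains; preload"]),
    "b.example": (True, ["max-age=300"]),
    "c.example": (True, ["max-age=31536000; includeSubDomains", "max-age=0"]),  # two fields
    "d.example": (False, ["max-age=31536000; includeSubDomains; preload"]),     # plain HTTP
    "e.example": (True, ['MAX-AGE="15768000"; includeSubDomains; max-age=1']),  # repeated directive
    "f.example": (True, []),
}


def audit(responses: dict[str, tuple[bool, list[str]]] = SAMPLE_RESPONSES) -> dict[str, HstsReport]:
    """Evaluate every recorded response; feed it the headers grabbed from real sites."""
    return {host: evaluate_response(secure, values) for host, (secure, values) in responses.items()}


if __name__ == "__main__":
    for host, report in audit().items():
        status = "preload-ready" if report.preload_ready else "not preload-ready"
        print(host, status, report.notes + report.preload_blockers)
```

Only the first field of `c.example` counts, so its `max-age=0` second field does not wipe the policy in a conforming browser, which is why a duplicate header is usually harmless but still worth removing: the order in which a platform appends headers is not something to rely on.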
0 votes, 1 answer

Is it possible to redirect from a non-secure to secure connection after enabling HSTS?

I recently started serving the 'strict-transport-security' header on one of my websites. A problem I hadn't anticipated is that my SSL certificate only covers mydomain.com and so if a user visits www.mydomain.com, rather than being redirected (as…
Jack Roscoe
-1 votes, 1 answer

Is there any way I can use Strict-Transport-Security

Is there any way to use a Strict-Transport-Security header on a site but still have non-SSL sub-domains?
Richard
  • 4,304
  • 3
  • 23
  • 41
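The last two questions, about a www host that the apex certificate does not cover and about keeping non-TLS subdomains under a parent that sends HSTS, are both decided by how a user agent stores and matches known HSTS hosts. The simulation below is an added example, not code from the posts: it models the known-host store of RFC 6797 (section 8.1 noting a host, section 8.2 congruent and superdomain matching, section 8.3 rewriting http to https before any request, section 8.4 treating a TLS failure on a known host as fatal with no click-through). The hostnames, the fixed clock and the `cert_ok` predicate standing in for certificate validation are assumptions made for illustration.

```python
"""Simulate how a user agent stores and applies HSTS policies (RFC 6797 sections 8.1-8.4).
Added example; hostnames, the clock and the cert_ok predicate are illustrative assumptions."""
import ipaddress
import time
from typing import Callable
from urllib.parse import urlsplit, urlunsplit


def _is_ip_literal(host: str) -> bool:
    """HSTS hosts are domain names only; IP literals are never noted."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


class HstsStore:
    """Known HSTS hosts: name -> (expiry timestamp, includeSubDomains flag)."""

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._now = now
        self._hosts: dict[str, tuple[float, bool]] = {}

    def note(self, host: str, secure: bool, max_age: int, include_subdomains: bool) -> bool:
        """Section 8.1: a host is noted only from a response received over error-free TLS;
        max-age=0 deletes the entry. Returns True when the store was updated."""
        host = host.lower().rstrip(".")
        if not secure or _is_ip_literal(host):
            return False
        if max_age == 0:
            self._hosts.pop(host, None)
        else:
            self._hosts[host] = (self._now() + max_age, include_subdomains)
        return True

    def applies_to(self, host: str) -> bool:
        """Section 8.2: congruent match, or superdomain match where the known superdomain
        asserted includeSubDomains. Expired entries are dropped on the way."""
        host = host.lower().rstrip(".")
        labels = host.split(".")
        now = self._now()
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            entry = self._hosts.get(candidate)
            if entry is None:
                continue
            expiry, include_subdomains = entry
            if expiry <= now:
                del self._hosts[candidate]
                continue
            if i == 0 or include_subdomains:
                return True
        return False

    def rewrite(self, url: str) -> str:
        """Section 8.3: an http URL to a known host becomes https before any request is
        sent; an explicit port 80 becomes the https default, any other port is kept."""
        p = urlsplit(url)
        if p.scheme != "http" or not p.hostname or not self.applies_to(p.hostname):
            return url
        netloc = p.hostname if p.port in (None, 80) else f"{p.hostname}:{p.port}"
        return urlunsplit(("https", netloc, p.path, p.query, p.fragment))


def load_outcome(store: HstsStore, url: str, cert_ok: Callable[[str], bool]) -> tuple[str, str]:
    """What the UA does with a navigation. cert_ok is a hypothetical stand-in for
    certificate validation. Sections 8.4/12.1: a TLS failure on a known HSTS host is
    fatal with no click-through; on any other host the UA may offer a warning page."""
    final = store.rewrite(url)
    p = urlsplit(final)
    host = p.hostname or ""
    if p.scheme != "https":
        return "plain-http", final
    if cert_ok(host):
        return "https-ok", final
    if store.applies_to(host):
        return "hsts-fatal", final
    return "tls-warning", final


def demo() -> dict[str, tuple[str, str]]:
    """Constructed scenario: mydomain.com serves HSTS with includeSubDomains but its
    certificate covers only the apex; example.com serves HSTS without includeSubDomains."""
    store = HstsStore(now=lambda: 1_700_000_000.0)  # fixed clock for reproducibility
    store.note("mydomain.com", secure=True, max_age=31536000, include_subdomains=True)
    store.note("example.com", secure=True, max_age=31536000, include_subdomains=False)

    def cert_ok(host: str) -> bool:  # hypothetical: which names the certificates cover
        return host in {"mydomain.com", "example.com"}

    return {
        "www-under-hsts": load_outcome(store, "http://www.mydomain.com/login", cert_ok),
        "apex-ok": load_outcome(store, "http://mydomain.com/", cert_ok),
        "plain-subdomain": load_outcome(store, "http://legacy.example.com/", cert_ok),
    }
```

Two consequences follow directly from the store: once `mydomain.com` has been noted with `includeSubDomains`, a visit to `http://www.mydomain.com` is rewritten to https before the server gets any chance to redirect, so the certificate mismatch is a hard failure; and omitting `includeSubDomains` on `example.com` is exactly what leaves `legacy.example.com` reachable over plain HTTP.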