Is HTTP Strict Transport Security (HSTS) enabled on PAM?
HTTP Strict Transport Security (HSTS) is enabled on 2.8.3, 3.0.3, 3.1.1 and 3.2.
It is possible to also verify HSTS by using the Linux curl command as follows:
[[email protected] bin]# curl -s -k -D- https://pamserver | grep -i Strict
If HSTS is enabled, there will be a Strict-Transport-Security header with the 'max-age' returned.
Following has some additional information: