Is HTTP Strict Transport Security (HSTS) enabled on PAM?

Article ID: 103738

Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)

Issue/Introduction



Is HTTP Strict Transport Security (HSTS) enabled on PAM?

Environment

Release: Any
Component: CAPAMX

Resolution

HTTP Strict Transport Security (HSTS) is enabled.

Additional Information

HSTS can also be verified with the Linux curl command, as follows:

# curl -s -k -D- https://<pamserver> | grep -i Strict
Strict-Transport-Security: max-age=31536000; includeSubDomains 

If HSTS is enabled, the response includes a Strict-Transport-Security header with a 'max-age' value.
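
The check above can be scripted so that it also validates the header's contents. The following is an added example, not part of the original article or the product: a shell function that reads response headers on stdin and verifies that the header is present and that max-age meets a minimum. The name hsts_check, the one-year default threshold and the sample response are assumptions made for this example.

```shell
#!/bin/sh
# hsts_check [MIN_AGE]: read HTTP response headers on stdin, print a verdict.
# Returns 0 if the policy is present and max-age >= MIN_AGE,
#         1 if the header is missing or malformed, 2 if max-age is too short.
hsts_check() {
    min_age=${1:-31536000}   # assumed threshold: one year, the value shown above
    # Strip CRs and keep only the first Strict-Transport-Security header;
    # header names are case-insensitive.
    value=$(tr -d '\r' | awk -F: 'tolower($1) == "strict-transport-security" {
                sub(/^[^:]*:[ \t]*/, ""); print; exit }')
    if [ -z "$value" ]; then
        echo "FAIL: no Strict-Transport-Security header"
        return 1
    fi
    max_age=""
    subdomains=no
    # Directives are separated by ";" and their names are case-insensitive.
    old_ifs=$IFS; IFS=';'
    for directive in $value; do
        d=$(printf '%s' "$directive" | tr -d ' \t"' | tr 'A-Z' 'a-z')
        case $d in
            max-age=*)         max_age=${d#max-age=} ;;
            includesubdomains) subdomains=yes ;;
        esac
    done
    IFS=$old_ifs
    case $max_age in
        ''|*[!0-9]*) echo "FAIL: max-age missing or not numeric"; return 1 ;;
    esac
    if [ "$max_age" -lt "$min_age" ]; then
        echo "WEAK: max-age=$max_age includeSubDomains=$subdomains"
        return 2
    fi
    echo "OK: max-age=$max_age includeSubDomains=$subdomains"
}

# Constructed sample response (not captured from a real PAM server).
sample='HTTP/1.1 200 OK
Server: example
Strict-Transport-Security: max-age=31536000; includeSubDomains'
printf '%s\n' "$sample" | hsts_check

# Live use against a server (same placeholder as above):
#   curl -s -D- -o /dev/null https://<pamserver> | hsts_check
```

The live command omits -k so that curl also validates the server certificate; browsers do not apply an HSTS header received over a connection with certificate errors, so a header that is only visible with -k does not protect users.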

The following article has additional information:

https://www.namecheap.com/support/knowledgebase/article.aspx/9711//how-to-check-if-hsts-is-enabled