Is HTTP Strict Transport Security (HSTS) enabled on PAM?

Article ID: 103738

Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)

Issue/Introduction

HTTP Strict Transport Security (HSTS) is a web security policy that forces browsers to interact with a website using only HTTPS. By enforcing encrypted connections it prevents attacks such as protocol downgrade attacks and cookie hijacking.
 
This article confirms the HSTS policy setting in PAM.

Resolution

HTTP Strict Transport Security (HSTS) is enabled.

Additional Information

HSTS can also be verified from a Linux host with the curl command, which dumps the response headers (-D -) and filters for the HSTS header:

# curl -s -k -D- https://<pamserver> | grep -i Strict
Strict-Transport-Security: max-age=31536000; includeSubDomains 

If HSTS is enabled, the response carries a Strict-Transport-Security header with a max-age directive. In the response above, max-age=31536000 (one year, in seconds) tells browsers to use only HTTPS for the host for a year after they last received the header, and includeSubDomains extends the policy to the host's subdomains. Note that browsers only record the policy when the header arrives over an HTTPS connection with no certificate errors, so the -k option that lets the curl check skip certificate verification must not be relied on: a PAM server presenting a self-signed or otherwise untrusted certificate still returns the header, but browsers will not enforce HSTS for it until a trusted certificate is installed.
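The curl one-liner above only shows whether the header is present. The following script, added here as an example and not part of the article or of the PAM product, extracts the Strict-Transport-Security header from a raw response-header block and evaluates it: missing header, max-age=0 (which tells browsers to forget the policy), a max-age below a chosen threshold, and whether includeSubDomains is set. The function names, the one-year threshold and the sample response are assumptions made for the example; the sample headers are constructed, not captured from a PAM appliance.

```shell
#!/bin/sh
# Added example (not from the CA/Broadcom article): evaluate an HSTS policy
# header. Function names and the MIN_MAX_AGE threshold are assumptions.

# Minimum acceptable max-age (assumed threshold: one year, the value the
# article shows PAM returning).
MIN_MAX_AGE=31536000

# Read a raw HTTP response-header block on stdin and print the value of
# the Strict-Transport-Security header (case-insensitive, CRLF tolerant).
# Prints nothing if the header is absent.
hsts_header_value() {
  tr -d '\r' | awk -F': *' 'tolower($1)=="strict-transport-security" {print $2; exit}'
}

# Evaluate one header value. Prints a verdict and returns:
#   0  policy present, max-age >= MIN_MAX_AGE
#   1  policy missing, unparsable, or max-age=0
#   2  policy present but max-age below MIN_MAX_AGE
hsts_check_value() {
  value="$1"
  if [ -z "$value" ]; then
    echo "HSTS: missing (no Strict-Transport-Security header)"
    return 1
  fi
  # Split directives on ';' after dropping spaces, then pick max-age=<n>.
  max_age=$(printf '%s' "$value" | tr -d ' ' | tr ';' '\n' \
            | awk -F= 'tolower($1)=="max-age" {print $2; exit}')
  case "$max_age" in
    ''|*[!0-9]*) echo "HSTS: invalid (no numeric max-age in '$value')"; return 1 ;;
  esac
  if [ "$max_age" -eq 0 ]; then
    echo "HSTS: disabled (max-age=0 tells browsers to forget the policy)"
    return 1
  fi
  if [ "$max_age" -lt "$MIN_MAX_AGE" ]; then
    echo "HSTS: weak (max-age=$max_age is below $MIN_MAX_AGE)"
    return 2
  fi
  subs=no
  printf '%s' "$value" | tr -d ' ' | tr 'A-Z' 'a-z' | tr ';' '\n' \
    | grep -qx 'includesubdomains' && subs=yes
  echo "HSTS: ok (max-age=$max_age, includeSubDomains=$subs)"
  return 0
}

# Live check against a host, built on the article's curl command. -k skips
# certificate verification, which is acceptable for reading the header but
# means this check does not prove a browser would honour the policy.
hsts_check_host() {
  v=$(curl -s -k -D - -o /dev/null "https://$1/" | hsts_header_value)
  hsts_check_value "$v"
}

# Constructed sample response (not captured from a real PAM server),
# mirroring the header shown in the article.
SAMPLE_HEADERS='HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: JSESSIONID=example; Secure; HttpOnly
'

# Usage: sh hsts_check.sh <pamserver>   (live check)
#        sh hsts_check.sh               (evaluate the constructed sample)
if [ "$#" -gt 0 ]; then
  hsts_check_host "$1"
else
  sample_value=$(printf '%s' "$SAMPLE_HEADERS" | hsts_header_value)
  hsts_check_value "$sample_value"
fi
```

Run it with the PAM hostname as the only argument for a live check, or without arguments to see the verdict on the constructed sample. A return code of 2 flags a policy that is present but short-lived, which is worth distinguishing from a missing header when the check is wired into a compliance script.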

The following article has additional information:

How to check if HSTS is enabled