Dx NetOps - Web Assessment Vulnerability - HTTP Strict Transport Security (HSTS) not implemented

Article ID: 210069

Products

CA Spectrum

Issue/Introduction

The Security Centre team ran a web vulnerability assessment scan against Spectrum OneClick. The scan found that HTTP Strict Transport Security (HSTS) is not implemented.

Cause

"HTTP Strict Transport Security (HSTS) tells a browser that a web site is only accessible using HTTPS. It was detected that your web application doesn't implement HTTP Strict Transport Security (HSTS) as the Strict Transport Security header is missing from the response."

Environment

Release : 10.4.1

Component : Spectrum Core / SpectroSERVER

Resolution

This has been addressed in Spectrum version 10.4.3.

Additional Information

It is recommended to implement HTTP Strict Transport Security (HSTS) in the web application.

https://knowledge.broadcom.com/external/article?articleId=208452
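
To verify the header after an upgrade, the scanner's check can be reproduced and extended to validate the policy itself. This is an added example, not code from Broadcom or the scanner; it follows the header rules in RFC 6797, and the function names, the sample responses and the 180-day `min_age` threshold are assumptions.

```python
import re

# RFC 6797 sec. 6.1: directive names are case-insensitive, max-age is required,
# no directive may appear twice, and values may be tokens or quoted-strings.
def parse_hsts(value):
    """Parse one Strict-Transport-Security value; return a dict, or None if invalid."""
    policy = {"max_age": None, "include_subdomains": False}
    seen = set()
    for part in value.split(";"):
        part = part.strip()
        if not part:                          # empty directives are allowed
            continue
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not name or name in seen:
            return None                       # malformed or duplicated directive
        seen.add(name)
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]                   # quoted-string form: max-age="31536000"
        if name == "max-age":
            if not re.fullmatch(r"[0-9]+", arg):
                return None
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy if policy["max_age"] is not None else None

def check_hsts(scheme, headers, min_age=15552000):
    """Classify a response. min_age (180 days) is an assumed audit threshold."""
    values = [v for k, v in headers if k.strip().lower() == "strict-transport-security"]
    if not values:
        return "missing"                      # the finding described in this article
    if scheme != "https":
        return "ignored-over-http"            # browsers honour the header only over TLS
    policy = parse_hsts(values[0])            # only the first header field is processed
    if policy is None:
        return "invalid"
    if policy["max_age"] == 0:
        return "disabled"                     # max-age=0 removes the host's HSTS entry
    return "ok" if policy["max_age"] >= min_age else "short-max-age"

# Constructed sample responses (header name/value pairs), not captured from Spectrum.
SAMPLES = {
    "no header": ("https", [("Content-Type", "text/html")]),
    "good": ("https", [("strict-transport-security", "max-age=31536000; includeSubDomains")]),
    "plain http": ("http", [("Strict-Transport-Security", "max-age=31536000")]),
}
for label, (scheme, headers) in SAMPLES.items():
    print(f"{label:12} {check_hsts(scheme, headers)}")
```

Feed it the scheme and response headers collected by whatever HTTP client is in use; any result other than `ok` on an HTTPS response means the policy is absent or would not be enforced as intended.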