enabling HSTS headers for Operator Console / Admin Console
search cancel

enabling HSTS headers for Operator Console / Admin Console

book

Article ID: 374684

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

We have been told by our security team to enable HTSTS or Strict-Transport-Security headers for Operator Console and/or Admin Console.

Is this possible?

Environment

20.3.3 or higher

Resolution

HSTS is enabled by default on Admin Console and Operator Console when HTTPS is enabled in DX UIM 20.3.3 or higher.

You can verify this by looking for the "HSTS-Header" configuration key in wasp.cfg under the <security_headers> section.

You should also be able to see the Strict-Transport-Security header using your web browser's Developer Tools:

 

Note that this is only valid for HTTPS connections.

 

Additional Information

Powered by Wolken Software