Enabling HSTS for arcotadmin application in WebLogic

Article ID: 387560

Products

CA Risk Authentication

CA Advanced Authentication

CA Advanced Authentication - Risk Authentication (RiskMinder / RiskFort)

CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)

CA Strong Authentication

Issue/Introduction

Can HSTS be enabled for arcotadmin application on WebLogic Server?

Environment

Symantec Advanced Authentication 9.1.x

Oracle WebLogic Server

Resolution

HSTS cannot be enabled through JavaScript. JavaScript is client-side code, whereas HTTP headers are set by the server during the response phase, so JavaScript cannot directly control HTTP headers.

To manage security headers like Strict-Transport-Security, you must configure the application server properly.

To enable HSTS for the arcotadmin application on WebLogic Server, refer to the section "HTTP Strict Transport Security" in the WebLogic documentation.
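
Because the header is set by the server, the way to confirm the configuration took effect is to inspect the response headers returned over HTTPS. The following Python check is an added example, not taken from this article or from the product documentation. It parses a raw response head for `Strict-Transport-Security` following RFC 6797; the sample responses and function names are constructed for illustration.

```python
import re

# Constructed sample responses (not captured from a real server).
SAMPLE_WITH_HSTS = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
)
SAMPLE_WITHOUT_HSTS = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"


def parse_hsts(raw_response):
    """Return the parsed HSTS policy from a raw HTTP response head, or None.

    Per RFC 6797, only the first Strict-Transport-Security header is
    processed and directive names are case-insensitive.
    """
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            return _parse_directives(value)
    return None


def _parse_directives(value):
    """Split the header value on ';' and read max-age / includeSubDomains."""
    policy = {"max_age": None, "include_subdomains": False}
    for part in value.split(";"):
        key, _, arg = part.strip().partition("=")
        key = key.strip().lower()
        arg = arg.strip().strip('"')  # max-age may be a quoted string
        if key == "max-age" and re.fullmatch(r"\d+", arg):
            policy["max_age"] = int(arg)
        elif key == "includesubdomains":
            policy["include_subdomains"] = True
    return policy


def hsts_enabled(raw_response):
    """True only when a policy is present with a positive max-age.

    A missing or malformed max-age is invalid, and max-age=0 tells the
    browser to drop any stored policy, so neither counts as enabled.
    """
    policy = parse_hsts(raw_response)
    return bool(policy and policy["max_age"])
```

Browsers ignore this header on responses received over plain HTTP, so the response head fed to the check must come from the HTTPS listener.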