SMA 100: How to enable HTTP Strict Transport Security (HSTS)?
10/19/2021
This KB describes how to enable HTTP Strict Transport Security (HSTS). HSTS is a web security mechanism that helps browsers establish connections via HTTPS and limit insecure HTTP connections.
The HSTS mechanism was mostly developed to tackle SSL Strip attacks capable of downgrading secure HTTPS connections to less secure HTTP connections.
In situations where PCI scans fail due to the finding "HTTP Security Header Not Detected port", HSTS is required to be enabled.
Here's how to configure it:
- Navigate to Portals | Portals
- Click on Add Portal or modify the existing portal
- Toggle the selection to green for Enable HTTP Strict Transport Security (HSTS) for SMA.
CAUTION: Please ensure that the Virtual Host certificate matches the Virtual Host Domain name, as HSTS requires a valid SSL configuration.
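One way to confirm the setting took effect, as an added example (not SonicWall code): the script parses a Strict-Transport-Security header following RFC 6797 and reports the cases a scanner or browser would reject. The sample headers are constructed, and the function names and the `min_age` threshold are assumptions of this example.

```python
import http.client
import ssl

def parse_hsts(value):
    """RFC 6797 section 6.1 parse; None when a browser would ignore the header."""
    seen = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name, val = name.strip().lower(), val.strip()  # names are case-insensitive
        if not name:
            continue                                   # empty directive is allowed
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]                            # quoted-string form
        if name in seen:
            return None                                # repeated directive is invalid
        seen[name] = val
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None                                    # max-age is required
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}

def check_headers(headers, min_age=31536000):          # min_age: assumed threshold
    """headers: (name, value) pairs from a response received over HTTPS."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return "FAIL: header not present"
    policy = parse_hsts(values[0])                     # only the first header counts
    if policy is None:
        return "FAIL: header present but malformed"
    if policy["max_age"] == 0:
        return "FAIL: max-age=0 tells browsers to drop the policy"
    if policy["max_age"] < min_age:
        return "WARN: max-age=%d is below %d" % (policy["max_age"], min_age)
    return "PASS: max-age=%d" % policy["max_age"]

def fetch_headers(host, port=443):
    ctx = ssl.create_default_context()                 # verifies chain and hostname
    conn = http.client.HTTPSConnection(host, port, timeout=10, context=ctx)
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().getheaders()
    finally:
        conn.close()

SAMPLES = {  # constructed headers, not captured from an appliance
    "enabled": [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")],
    "disabled": [("Content-Type", "text/html")]}
if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", check_headers(hdrs))
```

Against a live portal, pass the result of `fetch_headers("<portal-hostname>")` to `check_headers`; a certificate that does not match the virtual host name makes the request fail before any header is read.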