Other: HSTS Vulnerabilities in HVR
Answered

We are receiving HSTS vulnerabilities from HVR. The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Please help us in configuring the remote web server to use HSTS.
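A defender-side check for the finding described above, added here as an example (it is not from the original thread or from HVR's documentation): it parses a Strict-Transport-Security header according to RFC 6797 and grades a response the way a scanner reporting "not enforcing HSTS" would. The sample responses, the hostnames and the six-month minimum max-age are constructed assumptions.

```python
import re

# Constructed sample responses; names and header values are illustrative only.
SAMPLE_RESPONSES = {
    "hub-ok":      {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
    "hub-short":   {"Strict-Transport-Security": "max-age=300"},
    "hub-missing": {"Content-Type": "text/html"},
}

# Assumed threshold: roughly six months, a common minimum scanners accept.
MIN_MAX_AGE = 15552000


def parse_hsts(value):
    """Parse an STS header value into its directives (RFC 6797 section 6.1).

    Directive names are case-insensitive and may appear at most once; a
    missing or malformed max-age makes the whole header invalid (returns None).
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, raw = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            return None  # duplicate directive: the UA must ignore the header
        directives[name] = raw.strip().strip('"')  # quoted-string values allowed
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None  # max-age is the one required directive
    return {
        "max_age": int(directives["max-age"]),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }


def check_hsts(headers, min_max_age=MIN_MAX_AGE):
    """Grade a response header dict; returns (status, detail).

    status is one of 'missing', 'invalid', 'weak' or 'ok'. Header-name lookup
    is case-insensitive, as HTTP header names are.
    """
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return "missing", "no Strict-Transport-Security header"
    parsed = parse_hsts(value)
    if parsed is None:
        return "invalid", f"unparseable header: {value!r}"
    if parsed["max_age"] < min_max_age:
        return "weak", f"max-age={parsed['max_age']} below {min_max_age}"
    if not parsed["include_subdomains"]:
        return "weak", "includeSubDomains not set"
    return "ok", f"max-age={parsed['max_age']}, subdomains covered"


if __name__ == "__main__":
    for name, headers in SAMPLE_RESPONSES.items():
        print(name, *check_hsts(headers))
```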
-
Hi Sinchana,
Would it be possible to ask your network administrator to block HTTP traffic on the firewall? Doesn't that achieve the same goal?
Also, I assume you run the hub server only on an internal server that is not exposed to the internet?
Thank you,
Mark.