Question

  • Creator
    Topic
  • #4246900

    HSTS Missing From HTTPS Server (RFC 6797) No IIS installed

    by lewis.burrell ·

    Hi there I am doing a bit of testing with a product called Nessus and it has picked up the following

    HSTS Missing From HTTPS Server (RFC 6797)

    The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS.

    The remote HTTPS server does not send the HTTP
    “Strict-Transport-Security” header.

    Output
    HTTP/1.1 401 Unauthorized
    Connection: close
    Server: WASABI/1.1
    Content-Length: 73

    Configure the remote web server to use HSTS.

    ————————————–

    This Server does not have IIS installed on it how can i enforce this server to use HSTS when responding? What file do i need to change?

    Any guidance would be great

    Thanks

You are posting a reply to: HSTS Missing From HTTPS Server (RFC 6797) No IIS installed

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our Community FAQs for details. All submitted content is subject to our Terms of Use.

All Answers

Viewing 0 reply threads