HSTS Missing From HTTPS Server (RFC 6797) No IIS installed
Hi there, I am doing a bit of testing with a product called Nessus and it has picked up the following:

HSTS Missing From HTTPS Server (RFC 6797)

The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS.

The remote HTTPS server does not send the HTTP “Strict-Transport-Security” header.

Output

HTTP/1.1 401 Unauthorized
Connection: close
Server: WASABI/1.1
Content-Length: 73

Configure the remote web server to use HSTS.
————————————–
This server does not have IIS installed on it. How can I enforce this server to use HSTS when responding? What file do I need to change?
Any guidance would be great.
Thanks
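
Added example, not part of the original post: a Python check that parses a raw response head like the one Nessus quoted and evaluates the Strict-Transport-Security field against the RFC 6797 rules (first field only, case-insensitive directives, no duplicates, numeric max-age). The sample responses and the function names are constructed for illustration; the second response is hypothetical.

```python
import re

# Constructed sample inputs: MISSING mirrors the response quoted in the post,
# PRESENT is a hypothetical variant of it that carries an HSTS policy.
MISSING = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Connection: close\r\n"
    "Server: WASABI/1.1\r\n"
    "Content-Length: 73\r\n\r\n"
)
PRESENT = MISSING.replace(
    "Connection: close", "Strict-Transport-Security: max-age=31536000; includeSubDomains")

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def check_hsts(raw):
    """Evaluate the first Strict-Transport-Security field per RFC 6797."""
    values = [v for n, v in parse_headers(raw) if n == "strict-transport-security"]
    if not values:
        return {"ok": False, "reason": "header missing"}
    directives = {}
    for part in values[0].split(";"):        # only the first field is processed
        key, _, val = part.strip().partition("=")
        key = key.strip().lower()            # directive names are case-insensitive
        if not key:
            continue                         # tolerate empty segments (";;")
        if key in directives:
            return {"ok": False, "reason": "duplicate directive " + key}
        directives[key] = val.strip().strip('"')   # max-age may be a quoted-string
    age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", age):
        return {"ok": False, "reason": "max-age missing or invalid"}
    if int(age) == 0:
        return {"ok": False, "reason": "max-age=0 clears the policy"}
    return {"ok": True, "max_age": int(age),
            "include_subdomains": "includesubdomains" in directives}

if __name__ == "__main__":
    for label, raw in (("quoted response", MISSING), ("with HSTS", PRESENT)):
        print(label, "->", check_hsts(raw))
```

Run against the response quoted in the scan output, the check reports the header as missing; the same response with a policy added passes.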