does not return `Strict-Transport-Security: max-age=63072000; includeSubDomains` in the header:

```
HTTP/1.1 200 OK
Date: Wed, 23 Aug 2023 11:53:11 GMT
Last-Modified: Thu, 09 Mar 2023 20:32:30 GMT
Content-Type: text/html
Accept-Ranges: bytes
Content-Length: 2513
```

The certificate is valid in our organization,
and our security scanner reports:
tcp/8443 [142960](https://www.tenable.com/plugins/nessus/142960) Web Servers HSTS Missing From HTTPS Server (RFC 6797) The remote web server is not enforcing HSTS, as defined by RFC 6797.
It appears that the HSTS header is correctly added to the API endpoints (e.g. `/api/channels` or `/api/system/stats`), but it is missing from the base URL as you've pointed out. We'll look into this issue.
Also, as a workaround, you can disable plain HTTP traffic altogether by removing or commenting out the `http.port` property in your `mirth.properties` file.
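
A per-path check for the behaviour described in this thread (header present on API endpoints, absent on the base URL), as an added example that is not part of the original issue or the project's code. The names `parse_hsts` and `audit`, the `/expired` path, the one-year `min_age` threshold and the sample responses are assumptions constructed for illustration; the input is a header block as printed by `curl -sSI`.

```python
import re

# Constructed sample header blocks (shape of `curl -sSI` output), not real captures.
SAMPLES = {
    "/": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 2513\r\n\r\n",
    "/api/system/stats": (
        "HTTP/1.1 200 OK\r\n"
        "Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n\r\n"
    ),
    # Hypothetical path: max-age=0 tells the browser to drop the HSTS policy.
    "/expired": 'HTTP/1.1 200 OK\r\nstrict-transport-security: MAX-AGE="0"\r\n\r\n',
}

def parse_hsts(raw_headers):
    """Return the HSTS policy found in a raw header block, or None if absent/invalid."""
    for line in raw_headers.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        if name.strip().lower() != "strict-transport-security":
            continue
        # RFC 6797: only the first Strict-Transport-Security field is processed.
        policy = {"max_age": None, "include_subdomains": False}
        for directive in value.split(";"):
            key, _, arg = directive.strip().partition("=")
            key = key.strip().lower()  # directive names are case-insensitive
            if key == "max-age":
                arg = arg.strip().strip('"')  # value may be a quoted-string
                if not re.fullmatch(r"[0-9]+", arg):
                    return None
                policy["max_age"] = int(arg)
            elif key == "includesubdomains":
                policy["include_subdomains"] = True
        # max-age is a required directive; without it the header is ignored.
        return policy if policy["max_age"] is not None else None
    return None

def audit(responses, min_age=31536000):
    """Map each path to 'ok', 'missing', or 'weak' (max-age below min_age seconds)."""
    result = {}
    for path, raw in responses.items():
        policy = parse_hsts(raw)
        if policy is None:
            result[path] = "missing"
        else:
            result[path] = "ok" if policy["max_age"] >= min_age else "weak"
    return result

if __name__ == "__main__":
    for path, status in audit(SAMPLES).items():
        print(f"{path:20} {status}")
```

A scanner that probes only the base URL, as in the finding above, flags the server even though other paths send the header, so the check is worth running against every path the listener serves.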
HSTS option seems not enabled even when the parameter is set to true in the mirth properties file:

```
curl -sSI -v https://mirth-server:8443
```