I am trying to write unit tests for the following Filter class, but I am not sure how it can be done. I am working on a Spring project and trying to f ...
my current ingress configuration is: now i struggle with not HSTS enabled. I can enter example.app with http and https protocol, but i want to stri ...
old.example.com redirects to new.example.com as follows One which one should I apply HSTS? I'm using Cloudflare to do the redirects. Thanks! ...
I have a domain http://radiotn.com that is redirecting to HTTPS on chrome only. I want to disable this redirection and run my website on HTTP because ...
I need to implement the HSTS header security in the ASP.Net Core 6.0 WEB API application. Below is my Program.cs and below is the launchSettings.j ...
When setting up HSTS in Cloudflare, I noticed that the default max-aged is set to 0. To my understanding this default value kind of disables the HSTS ...
We are having a weird issue where sometimes the browser will decide to use port 80 for HTTPS. The flow looks like this when it's not working (copied ...
I am trying to pass the test on https://hstspreload.org/ - However I am getting the following error below: (test.com was added to hide the domain) ...
When I add the header Strict-Transport-Security to my .htaccess file, in Apache, must the browser block all HTTP requests? ...
On Azure, I created a new API Management Service and behind it I connected all the APIs. After a penetration test, there was only one vulnerability d ...
My project is .Net Core 3.1 and I'm using azure devop task called .Net Core to build my code. I get this error: ##[error]projectNameSpace\Startup.cs( ...
In MDN HTTP Strict Transport Security (HSTS), it has an example of HSTS settings as below where I can find the corresponding mean of max-age and in ...
I need to send HSTS header in the response header of Azure function app for API (not web app). I was able to add HSTS with required options, but unabl ...
Environment: Ubuntu 18.04.6 Desktop 64-bit Google Chrome 98.0.4758.80 (Official Build) (64-bit) FireFox 92.0 (64-bit) What I did: Insta ...
I want to enable HSTS header for my lighttpd server. As per the this article, the HSTS header does get set, but I can see that the server sends this h ...
I have a spring boot application I would like to enable HSTS I added the documented settings to my SecurityConfiguration (see below), but HSTS ...
I'm trying to redirect http://dev.example.com to https://www.example/dev using this code in my htaccess: A security evaluation company is complai ...
I have a doubt related to the hsts response header. I'm developing a web application and currently I covered all the endpoints (with 200 ok responses) ...
I have a website where the user can make unlimited subdomains for that website. One of our customers wants us to have HSTS enabled on the header so I ...
In trying to understand the HSTS mechanism, I could not wrap my head around the max-age directive. Couldn't the presence/absence of the HSTS header be ...