6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Strict Transport Security Not Enforced fixed in IIS but still insecure\",\"text\":\"

I configured HSTS in HttpResponseHeaders giving value as maxtime = 31536000 but still showing insecure popup in URL and using HTTP

\\n

given name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains; preload" in HTTP Response Headers.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Avishaa Anu\"},\"upvoteCount\":0,\"answerCount\":0,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","security",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/security/1","children":"security"}]}],["$","span","iis",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/iis/1","children":"iis"}]}],["$","span","strict",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/strict/1","children":"strict"}]}],["$","span","hsts",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/hsts/1","children":"hsts"}]}],["$","span","transport",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/transport/1","children":"transport"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/e65c7cddb0d60bff27e9549865ddbe2e?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"Avishaa Anu","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/28370568/avishaa-anu","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Avishaa Anu"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Strict Transport Security Not Enforced fixed in IIS but still insecure"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I configured HSTS in HttpResponseHeaders giving value as maxtime = 31536000 but still showing insecure popup in URL and using HTTP

given name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains; preload" in HTTP Response Headers.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",0]}],["$","p",null,{"children":["Views: ",25]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",0,")"]}],[]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","74859689",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/74859689","className":"text-blue-600 hover:underline","children":"Checkmarx: Missing HSTS Header in React Application"}]}],["$","li","76734680",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/76734680","className":"text-blue-600 hover:underline","children":"Strict-Transport-Security Header only have max-age"}]}],["$","li","76530783",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/76530783","className":"text-blue-600 hover:underline","children":"How strict transport security header should applied on www subdomain?"}]}],["$","li","66982606",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/66982606","className":"text-blue-600 hover:underline","children":"Angular Preflight Request to Add Headers"}]}],["$","li","68253535",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/68253535","className":"text-blue-600 hover:underline","children":"HSTS (HTTP Strict Transport Security) on Node-red"}]}],["$","li","56055798",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/56055798","className":"text-blue-600 hover:underline","children":"How to set the strict transport security header for jetty 9.2.25"}]}],["$","li","48101729",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/48101729","className":"text-blue-600 hover:underline","children":"Adding HTTP Strict Transport Security to .htaccess"}]}],["$","li","47385399",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/47385399","className":"text-blue-600 hover:underline","children":"Is it fine to use duplicate response header with same value?"}]}],["$","li","40071201",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/40071201","className":"text-blue-600 hover:underline","children":"Remove HTTP Strict Transport Security (HSTS) response header in spring oauth2 token API"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Strict Transport Security Not Enforced fixed in IIS but still insecure

Answers (0)

Related Questions