https://community.qlik.com/t5/Management-Governance/Vulnerabilty-in-HSTS-QlikSense/m-p/1607791#M14254 <P>What do you mean it isn't being sent? This is it in my environment:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="headers.png" style="width: 842px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/16271i2BA6C06278665216/image-size/large?v=v2&amp;px=999" role="button" title="headers.png" alt="headers.png" /></span></P> <P>&nbsp;</P> Wed, 31 Jul 2019 01:00:46 GMT Levi_Turner 2019-07-31T01:00:46Z https://community.qlik.com/t5/Management-Governance/Vulnerabilty-in-HSTS-QlikSense/m-p/1607050#M14244 <P>Hi experts! how are you?</P><P>One client from auditory send me that there are one vulnerabilty in the QlikSense Server and send me this details:</P><P>The said that then have problem with the HEADER HSTS:</P><P>| http-security-headers:&nbsp;</P><P>|&nbsp; &nbsp;Strict_Transport_Security:&nbsp;</P><P>|&nbsp; &nbsp; &nbsp;HSTS not configured in HTTPS Server</P><P>|&nbsp; &nbsp;Cache_Control:&nbsp;</P><P>|_&nbsp; &nbsp; Header: Cache-Control: no-cache</P><P>&nbsp;</P><P>I found this article that said how we can modify the HSTS<A href="https://support.qlik.com/articles/000045276" target="_self">(link)</A></P><P>Someone have any other idea to control this?</P><P>&nbsp;</P><P>Thanks a lot</P> Sat, 16 Nov 2024 05:08:23 GMT https://community.qlik.com/t5/Management-Governance/Vulnerabilty-in-HSTS-QlikSense/m-p/1607050#M14244 fkeuroglian 2024-11-16T05:08:23Z https://community.qlik.com/t5/Management-Governance/Vulnerabilty-in-HSTS-QlikSense/m-p/1607077#M14245 <P>I don't follow. If the issue is that the response header doesn't have HSTS defined then why doesn't that article fit? That's the route to edit any arbitrary HTTP header inside of Qlik Sense.</P> Mon, 29 Jul 2019 14:42:28 GMT https://community.qlik.com/t5/Management-Governance/Vulnerabilty-in-HSTS-QlikSense/m-p/1607077#M14245 Levi_Turner 2019-07-29T14:42:28Z https://community.qlik.com/t5/Management-Governance/Vulnerabilty-in-HSTS-QlikSense/m-p/1607242#M14246 <P>Levi how are you?</P><P>I do not have any experiencia dealing with the HSTS, the title of the article said "<FONT size="4">HTTP Strict Transport Security (HSTS) in Qlik Sense"&nbsp;</FONT></P><P><FONT size="4">Because of that i asume that it is the way to change it, but clearly or pherhaps it isnt?</FONT></P><P><FONT size="4">Change the question, what is the correct form to defined the HSTS in qliksense?</FONT></P><P>Thanks a lot for your time Levi</P><P>Fernando</P> Mon, 29 Jul 2019 21:08:26 GMT https://community.qlik.com/t5/Management-Governance/Vulnerabilty-in-HSTS-QlikSense/m-p/1607242#M14246 fkeuroglian 2019-07-29T21:08:26Z https://community.qlik.com/t5/Management-Governance/Vulnerabilty-in-HSTS-QlikSense/m-p/1607791#M14254 <P>What do you mean it isn't being sent? This is it in my environment:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="headers.png" style="width: 842px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/16271i2BA6C06278665216/image-size/large?v=v2&amp;px=999" role="button" title="headers.png" alt="headers.png" /></span></P> <P>&nbsp;</P> Wed, 31 Jul 2019 01:00:46 GMT https://community.qlik.com/t5/Management-Governance/Vulnerabilty-in-HSTS-QlikSense/m-p/1607791#M14254 Levi_Turner 2019-07-31T01:00:46Z https://community.qlik.com/t5/Management-Governance/Vulnerabilty-in-HSTS-QlikSense/m-p/1608117#M14258 <P>Hope you doing well, to answer you question:" W<SPAN>hat is the correct form to defined the HSTS in qliksense?". Well basically following the steps that the article provides? or is there anything else missing that we ( Levi) and I aren't getting? if you do, then please provide more clarity.</SPAN></P> <P>&nbsp;</P> <P><SPAN>BR</SPAN></P> <P><SPAN>Gio</SPAN></P> Wed, 31 Jul 2019 15:02:00 GMT https://community.qlik.com/t5/Management-Governance/Vulnerabilty-in-HSTS-QlikSense/m-p/1608117#M14258 Giuseppe_Novello 2019-07-31T15:02:00Z https://community.qlik.com/t5/Management-Governance/Vulnerabilty-in-HSTS-QlikSense/m-p/1718025#M16165 <P>Hello all,&nbsp;</P><P>&nbsp;</P><P>Did you find an answer to that Cache-control situation?</P><P>Ive tried adding it to the virtual proxy response header, but keep having it wrong...</P><P>Anyone knows the answer?</P><P>Kind regards.</P> Thu, 11 Jun 2020 17:30:30 GMT https://community.qlik.com/t5/Management-Governance/Vulnerabilty-in-HSTS-QlikSense/m-p/1718025#M16165 tlourenco 2020-06-11T17:30:30Z