Re: 142960 - HSTS Missing From HTTPS Server (RFC 6... - Qlik Community

Kaushik2020 · ‎2025-11-24

Hello Everyone, Just wondering if anyone have gone through the mentioned vulnerability. Here Cyber security team is doing a VAPT where they found these on the server where we have currently ONLY Qlik Sense running.

I was exploring these in Chatgpt. below were the steps.

You can add the HSTS header in the Virtual Proxy configuration.

Steps (QMC):

Open QMC
Go to Virtual Proxies
Select the virtual proxy your users connect through (often “CentralProxy”)
Scroll to Advanced
In Additional response headers, add:

Strict-Transport-Security: max-age=31536000; includeSubDomains

Ensure:

HTTPS enabled
HTTP disabled or redirected
Certificate valid

Restart Qlik Proxy Service

Just wondering, if anyone have tried these before ?

Thanks

Maria_Halley · ‎2025-12-04

Hi @Kaushik2020 It looks like Chatgpt found the correct information for you . Here is a link to the Knowledge article we have about this.

https://community.qlik.com/t5/Official-Support-Articles/HTTP-Strict-Transport-Security-HSTS-in-Qlik-...
Note that this will only affect connections through the proxy. Internal ports will not be affected. But they are already using https.

Lily435 · ‎2026-01-01

Hi @Kaushik2020 It looks like Chatgpt found the correct information for you . Here is a link to the Knowledge article we have about this.

Lily435 · ‎2026-01-01

Hi @Kaushik2020 It looks like Chatgpt found the correct information for you . Here is a link to the Knowledge article we have about this.

142960 - HSTS Missing From HTTPS Server (RFC 6797)

Administering and Monitoring

Administration

General Question

Job Server