Qlik Community


Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

fkeuroglian
Partner

Vulnerability in HSTS QlikSense

Hi experts! How are you?

One client sent me, from an audit, that there is a vulnerability in the QlikSense Server, and sent me these details:

They said that they have a problem with the HSTS header:

| http-security-headers: 
|   Strict_Transport_Security: 
|     HSTS not configured in HTTPS Server
|   Cache_Control: 
|_    Header: Cache-Control: no-cache

I found this article that says how we can modify the HSTS (link)

Does anyone have any other idea to control this?

 

Thanks a lot

5 Replies
Levi_Turner
Employee

I don't follow. If the issue is that the response header doesn't have HSTS defined then why doesn't that article fit? That's the route to edit any arbitrary HTTP header inside of Qlik Sense.

fkeuroglian
Partner
Author

Levi, how are you?

I do not have any experience dealing with HSTS; the title of the article says "HTTP Strict Transport Security (HSTS) in Qlik Sense".

Because of that I assume that it is the way to change it, but clearly or perhaps it isn't?

To change the question: what is the correct form to define the HSTS in QlikSense?

Thanks a lot for your time Levi

Fernando

Levi_Turner
Employee

What do you mean it isn't being sent? This is it in my environment:

headers.png

 

Giuseppe_Novello

Hope you're doing well. To answer your question, "What is the correct form to define the HSTS in QlikSense?": well, basically following the steps that the article provides? Or is there anything else missing that we (Levi and I) aren't getting? If there is, then please provide more clarity.

 

BR

Gio

Giuseppe Novello
Principal Technical Support Engineer @ Qlik
tlourenco
Partner

Hello all, 

 

Did you find an answer to that Cache-Control situation?

I've tried adding it to the virtual proxy response header, but I keep getting it wrong...

Does anyone know the answer?

Kind regards.
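
An added example, not part of any post in this thread and not Qlik code: once the response header has been added, the audit finding quoted in the first post can be re-checked by parsing the Strict-Transport-Security value along the lines of RFC 6797. The header blocks are constructed samples, and the one-year minimum max-age is an assumed audit threshold.

```python
import re

MIN_MAX_AGE = 31536000  # assumption: the audit expects at least one year

# Constructed sample header blocks (not captured from a real server).
BEFORE = "HTTP/1.1 200 OK\nCache-Control: no-cache\nContent-Type: text/html\n"
AFTER = ("HTTP/1.1 200 OK\nCache-Control: no-cache\n"
         "Strict-Transport-Security: max-age=31536000; includeSubDomains\n")
DISABLED = 'HTTP/1.1 200 OK\nstrict-transport-security: MAX-AGE="0"\n'

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw response header block."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def check_hsts(raw, min_max_age=MIN_MAX_AGE):
    """Return (ok, reason) for the HSTS policy found in a header block."""
    values = [v for n, v in parse_headers(raw) if n == "strict-transport-security"]
    if not values:
        return False, "HSTS header missing"
    directives = {}
    # RFC 6797 section 8.1: only the first STS header field is processed.
    for part in filter(None, (p.strip() for p in values[0].split(";"))):
        name, _, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            return False, "duplicate directive: " + name  # each may appear once
        directives[name] = val.strip().strip('"')  # value may be a quoted-string
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"\d+", max_age):
        return False, "max-age missing or not an integer"
    if int(max_age) == 0:
        return False, "max-age=0 tells browsers to drop the policy"
    if int(max_age) < min_max_age:
        return False, "max-age below %d" % min_max_age
    return True, "ok"

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER), ("disabled", DISABLED)):
        print(label, check_hsts(raw))
```

A header that is present but carries `max-age=0` or a repeated directive still fails the check, which a presence-only scan would not show.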