Qlik Community

Qlik Sense Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Partner

Vulnerability in HSTS QlikSense

Hi experts! How are you?

One client's audit reported to me that there is one vulnerability in the QlikSense Server and sent me these details:

They said that they have a problem with the HSTS header:

| http-security-headers: 
|   Strict_Transport_Security: 
|     HSTS not configured in HTTPS Server
|   Cache_Control: 
|_    Header: Cache-Control: no-cache

 

I found this article that says how we can modify the HSTS (link)

Does someone have any other idea to control this?

 

Thanks a lot

Employee

I don't follow. If the issue is that the response header doesn't have HSTS defined then why doesn't that article fit? That's the route to edit any arbitrary HTTP header inside of Qlik Sense.

Partner

Levi, how are you?

I do not have any experience dealing with the HSTS; the title of the article said "HTTP Strict Transport Security (HSTS) in Qlik Sense"

Because of that I assume that it is the way to change it, but clearly, or perhaps, it isn't?

To change the question: what is the correct form to define the HSTS in qliksense?

Thanks a lot for your time Levi

Fernando

Employee

What do you mean it isn't being sent? This is it in my environment:

headers.png

 


Hope you're doing well. To answer your question: "What is the correct form to define the HSTS in qliksense?" Well, basically following the steps that the article provides? Or is there anything else missing that we (Levi and I) aren't getting? If there is, then please provide more clarity.

 

BR

Gio

Giuseppe Novello
Principal Technical Support Engineer @ Qlik
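
What the auditor's scan line "HSTS not configured in HTTPS Server" is checking, as an added example that is not part of the original thread and is not Qlik's code: it evaluates a response's headers for a Strict-Transport-Security policy using the parsing rules of RFC 6797. The header samples are constructed, and the one-year `min_age` threshold is an assumption, not a Qlik or auditor requirement.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1).
    Returns (directives, error); exactly one of the two is None."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives
        name, _, val = part.partition("=")
        name = name.strip().lower()    # directive names are case-insensitive
        val = val.strip().strip('"')   # values may be quoted-strings
        if name in directives:
            return None, f"duplicate directive: {name}"  # invalidates the header
        directives[name] = val
    return directives, None

def check_hsts(headers, min_age=31536000):
    """headers: list of (name, value) tuples from an HTTPS response.
    min_age is an assumed threshold (one year). Empty result means pass."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return ["HSTS not configured"]
    findings = []
    if len(values) > 1:
        findings.append("multiple HSTS headers; browsers use only the first")
    directives, err = parse_hsts(values[0])
    if err:
        return findings + [err]
    age = directives.get("max-age")
    if age is None or not re.fullmatch(r"\d+", age):
        return findings + ["max-age missing or not an integer"]
    if int(age) == 0:
        findings.append("max-age=0 tells browsers to drop the HSTS policy")
    elif int(age) < min_age:
        findings.append(f"max-age {age} is below the {min_age}s threshold")
    return findings

# Constructed sample responses (not captured from a real Qlik Sense server).
BEFORE = [("Cache-Control", "no-cache")]
AFTER = [("Cache-Control", "no-cache"),
         ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]

if __name__ == "__main__":
    print("before:", check_hsts(BEFORE))
    print("after: ", check_hsts(AFTER))
```

Browsers ignore this header on plain HTTP responses, so the check only means something for headers fetched over HTTPS.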
Partner

Hello all, 

 

Did you find an answer to that Cache-control situation?

I've tried adding it to the virtual proxy response header, but keep having it wrong...

Does anyone know the answer?

Kind regards.