Vulnerability in HSTS QlikSense

Hi experts! How are you?

One client from an audit sent me that there is one vulnerability in the QlikSense Server and sent me these details:

They said that they have a problem with the HSTS header:

| http-security-headers: 
|   Strict_Transport_Security: 
|     HSTS not configured in HTTPS Server
|   Cache_Control: 
|_    Header: Cache-Control: no-cache


I found this article that says how we can modify the HSTS (link)

Does someone have any other idea to control this?


Thanks a lot

5 Replies

I don't follow. If the issue is that the response header doesn't have HSTS defined then why doesn't that article fit? That's the route to edit any arbitrary HTTP header inside of Qlik Sense.


Levi, how are you?

I do not have any experience dealing with HSTS; the title of the article says "HTTP Strict Transport Security (HSTS) in Qlik Sense".

Because of that I assume that it is the way to change it, but clearly or perhaps it isn't?

Change the question: what is the correct form to define the HSTS in QlikSense?

Thanks a lot for your time Levi



What do you mean it isn't being sent? This is it in my environment:



Hope you're doing well. To answer your question, "What is the correct form to define the HSTS in QlikSense?": well, basically following the steps that the article provides? Or is there anything else missing that we (Levi and I) aren't getting? If so, then please provide more clarity.




Giuseppe Novello
Principal Technical Support Engineer @ Qlik
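
A check to run against the response headers once the header has been added, as an added example that is not part of the thread or of Qlik's documentation: it parses the Strict-Transport-Security value per RFC 6797 and lists what an audit scan would still flag. The one-year `MIN_AGE` threshold, the function names and the sample header lists are assumptions constructed for illustration.

```python
import re

# RFC 6797 section 6.1: directives are ';'-separated, names are case-insensitive,
# max-age is required, and a directive may appear only once.
DIRECTIVE = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)(?:\s*=\s*("[^"]*"|[^\s;"]+))?$')
MIN_AGE = 31536000  # assumed policy threshold (one year), not from the thread

def parse_hsts(value):
    """Parse one Strict-Transport-Security value into (policy, problems)."""
    policy, problems, seen = {}, [], set()
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue  # the grammar allows empty directives
        m = DIRECTIVE.match(part)
        if not m:
            problems.append(f"malformed directive: {part!r}")
            continue
        name, val = m.group(1).lower(), (m.group(2) or "").strip('"')
        if name in seen:
            problems.append(f"duplicate directive: {name}")
        seen.add(name)
        if name == "max-age":
            if re.fullmatch(r"[0-9]+", val):
                policy["max-age"] = int(val)
            else:
                problems.append(f"max-age is not a number: {val!r}")
        elif name == "includesubdomains":
            policy["includeSubDomains"] = True
    if "max-age" not in seen:
        problems.append("max-age directive missing")
    return policy, problems

def audit_headers(headers, min_age=MIN_AGE):
    """headers: list of (name, value) pairs from an HTTPS response."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["Strict-Transport-Security header missing"]
    policy, problems = parse_hsts(values[0])  # browsers use only the first one
    if len(values) > 1:
        problems.append("header sent more than once")
    if "max-age" in policy and policy["max-age"] < min_age:
        problems.append(f"max-age {policy['max-age']} is below {min_age}")
    return problems

# Constructed samples: the response the scanner saw, and one after the fix.
BEFORE = [("Cache-Control", "no-cache")]
AFTER = BEFORE + [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]

if __name__ == "__main__":
    print(audit_headers(BEFORE), audit_headers(AFTER))
```

The `headers` argument has the shape returned by `http.client.HTTPResponse.getheaders()`, so the same function can be fed the headers of a real HTTPS response from the server being audited.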

Hello all, 


Did you find an answer to that Cache-control situation?

I've tried adding it to the virtual proxy response header, but keep getting it wrong...

Does anyone know the answer?

Kind regards.