Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi,
We have a Qlik Web Connector running June 2023 edition. We want to enable HSTS policy so that it applies only to the machine itself:
Strict-Transport-Security: max-age=31536000
When I enable HSTS via the <RequireHSTS> directive at deploy.config, HSTS is enabled for subdomains as well:
$ curl -s -D- https://xxxx.xxxx.xxxx
....
Server: Microsoft-HTTPAPI/2.0
X-Content-Type-Options: nosniff
x-frame-options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
....
Is it possible to override that behaviour ?
Kind regards
@tevkar1 Unfortunatelly you can't configure it further as of now. Please raise a feature request with Qlik.
It could be either for a custom header, so you can just add your own, or a second version of HSTS without the IncludeSubdomain option.
best regards
Sebastian
@tevkar1 Unfortunatelly you can't configure it further as of now. Please raise a feature request with Qlik.
It could be either for a custom header, so you can just add your own, or a second version of HSTS without the IncludeSubdomain option.
best regards
Sebastian