Enable HSTS for QEM and Replicate webapps

Prabodh
Creator II
The Replicate and QEM web applications do not enforce HTTP Strict Transport Security (HSTS).

The application should instruct web browsers to only access the application using HTTPS. To do this, enable HTTP Strict Transport Security (HSTS) by adding a response header with the name 'Strict-Transport-Security' and the value 'max-age=expireTime', where expireTime is the time in seconds that browsers should remember that the site should only be accessed using HTTPS. Consider adding the 'includeSubDomains' flag if appropriate.

This is a security best practice recommended by our penetration testing team.
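
An added example, not part of the original post or of Qlik's code: a Python check that parses a `Strict-Transport-Security` value under the RFC 6797 rules (`max-age` required, directive names case-insensitive, no repeated directives) and lists findings for one response's headers. The function names, the 180-day threshold and the sample header are assumptions made for illustration.

```python
import re

# Directive names are HTTP tokens; the grammar is RFC 6797 section 6.1.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
MIN_MAX_AGE = 15552000  # assumed audit threshold (180 days), not from the page
# Constructed sample header, not captured from QEM or Replicate.
SAMPLE = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}


def parse_hsts(value):
    """Return {'max_age', 'include_subdomains'} or None if browsers ignore it."""
    seen = {}
    for part in value.split(";"):  # simplification: no ';' inside quoted values
        part = part.strip()
        if not part:
            continue  # empty directives such as a trailing ';' are allowed
        name, sep, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()  # names: case-insensitive
        if not _TOKEN.fullmatch(name) or name in seen:
            return None  # malformed or repeated directive voids the header
        if len(arg) >= 2 and arg[0] == '"' and arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form, e.g. max-age="31536000"
        seen[name] = arg if sep else None
    max_age = seen.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is required and must be whole seconds
    if seen.get("includesubdomains") is not None:
        return None  # includeSubDomains takes no value
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in seen}


def audit(headers):
    """List findings for the headers (dict) of one HTTPS response."""
    values = [v for k, v in headers.items()
              if k.lower() == "strict-transport-security"]
    if not values:
        return ["missing Strict-Transport-Security header"]
    policy = parse_hsts(values[0])
    if policy is None:
        return ["invalid header value: browsers apply no HSTS policy"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 removes any stored HSTS policy")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("max-age below audit threshold")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains not set")
    return findings
```

Run `audit()` on headers fetched over HTTPS, since browsers ignore this header when it arrives over plain HTTP.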

1 Comment
Shelley_Brennan
Former Employee

This capability was made available for Enterprise Manager in the version 7 (Nov 2020) release. Please refer to the following: https://help.qlik.com/en-US/enterprise-manager/May2021/Content/Global_Common/Content/SharedEMReplica...

Status changed to: Closed - Already Available