Strict Transport Security Header drop-down does not add the HSTS header
Information
| Summary: |
When the Strict Transport Security Header drop-down can be used. The difference between the Strict Transport Security Header setting and the content rule which adds the HSTS header. |
| Environment: |
Product: LoadMaster Version: Any Platform: Any Application: Any |
| Question/Problem Description: |
When using the Strict Transport Security Header drop-down the HSTS header is not being added. The HSTS header can only be added using content rules. |
| Steps to Reproduce: | |
| Error Message: | |
| Defect Number: | |
| Enhancement Number: | |
| Cause: | |
| Resolution: |
The Strict Transport Security Header drop-down only applies to responses that are generated by the LoadMaster such as ESP responses and when the Not Available Redirection Handling configuration has been triggered.
If ESP is not configured within the virtual service and the Not Available Redirection Handling has not been triggered then the content rule should be utilized to add the HSTS header to the users request. |
| Workaround: | |
| Notes: | https://support.kemptechnologies.com/hc/en-us/articles/203915119-How-to-ensure-HTTP-Strict-Transport-Security-is-implemented- |