HTTPS VIP is failing PCI compliance
Information
Summary: |
A Virtual Service to load balance HTTPS traffic was created but it was failing PCI Compliance. |
Environment: |
Product: LoadMaster Version: Any. Platform: Any. Application: IIS |
Question/Problem Description: |
HTTPS Virtual Service but it is failing PCI Compliance. The scanner says that the HSTS is missing despite the Strict Transport Security Header to include Sub-domains being configured. |
Steps to Reproduce: | |
Error Message: | "HSTS is missing" |
Defect Number: | |
Enhancement Number: | |
Cause: | HTST was missing as a response header. |
Resolution: |
|
Workaround: | |
Notes: |
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security |
Was this article helpful?
0 out of 0 found this helpful