You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Domenico Francesco Bruscino (Jira)" <ji...@apache.org> on 2023/01/04 11:08:00 UTC

[jira] [Created] (ARTEMIS-4123) Enable Strict-Transport-Security header

Domenico Francesco Bruscino created ARTEMIS-4123:
----------------------------------------------------

             Summary: Enable Strict-Transport-Security header
                 Key: ARTEMIS-4123
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4123
             Project: ActiveMQ Artemis
          Issue Type: Improvement
            Reporter: Domenico Francesco Bruscino
            Assignee: Domenico Francesco Bruscino


The Strict-Transport-Security header is ignored by the browser when your site has only been accessed using HTTP. Once your site is accessed over HTTPS with no certificate errors, the browser knows your site is HTTPS capable and will honor the Strict-Transport-Security header. Browsers do this as attackers may intercept HTTP connections to the site and inject or remove the header.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)