You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Domenico Francesco Bruscino (Jira)" <ji...@apache.org> on 2023/01/04 11:08:00 UTC
[jira] [Created] (ARTEMIS-4123) Enable Strict-Transport-Security header
Domenico Francesco Bruscino created ARTEMIS-4123:
----------------------------------------------------
Summary: Enable Strict-Transport-Security header
Key: ARTEMIS-4123
URL: https://issues.apache.org/jira/browse/ARTEMIS-4123
Project: ActiveMQ Artemis
Issue Type: Improvement
Reporter: Domenico Francesco Bruscino
Assignee: Domenico Francesco Bruscino
The Strict-Transport-Security header is ignored by the browser when your site has only been accessed using HTTP. Once your site is accessed over HTTPS with no certificate errors, the browser knows your site is HTTPS capable and will honor the Strict-Transport-Security header. Browsers do this as attackers may intercept HTTP connections to the site and inject or remove the header.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)