panizzag
Contributor
Contributor

I ran that curl command on 9443 and got the header
< HTTP/1.1 200
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains

However the scanner still shows the vulnerability on 9443

Did you  mean that the scanner must be adjusted instead of adding this to /etc/httpd/httpd.conf ?


<VirtualHost www.example.com:80>

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

</VirtualHost>

 

Thanks in advance

Reply
0 Kudos