NetTalk Central

Author Topic: Strict-Transport-Security / Missing Header  (Read 2014 times)

rupertvz

  • Sr. Member
  • ****
  • Posts: 313
    • View Profile
    • Email
Strict-Transport-Security / Missing Header
« on: April 21, 2021, 02:36:45 AM »
Hi Bruce,

We've run a security and vulnerability scan for a client on their web application.
The only problem we picked up was a finding on "Strict-Transport-Security / Missing Header"

How can we pass this security check?


urayoan

  • Full Member
  • ***
  • Posts: 222
    • View Profile
    • AZ Rock Radio
Re: Strict-Transport-Security / Missing Header
« Reply #1 on: April 21, 2021, 03:38:29 AM »
Hi rupertvz:
  What version of NetTalk you have installed? I think that was addressed in recent version as far as I recall

rupertvz

  • Sr. Member
  • ****
  • Posts: 313
    • View Profile
    • Email
Re: Strict-Transport-Security / Missing Header
« Reply #2 on: April 21, 2021, 05:38:37 AM »
Thank you, I am using 11.45


urayoan

  • Full Member
  • ***
  • Posts: 222
    • View Profile
    • AZ Rock Radio
Re: Strict-Transport-Security / Missing Header
« Reply #3 on: April 21, 2021, 05:55:24 AM »
Thank you, I am using 11.45

I think in that version of NetTalk, the server settings tab template is included. If implemented, you are gonna see something like the screenshot included in this post.

If not, I think another way to implement the Strict-Transport-Security is with this, near the embed

s_web._SitesQueue.Defaults.StrictTransportSecurity = 'Strict-Transport-Security: max-age=31536000;'

More examples how to set it here
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security