Arena should support HTTP Strict Transport Security (HSTS) response header
This would allowed clients only access the server over an encrypted HTTPS connection and never get downgraded to an unencrypted HTTP connection
This would be an added layer of security on top of https
As per our discussion with Indrajeet, we got the following info-
this will require code changes to set the response header from the server side. We can have this as an optional parameter so could be fixable without any side effects.
|Customer Impact||Minor inconvenience|