Skip to Main Content
Zaloni Ideas
Status On the Backlog
Categories Data Security
Created by Mrinmoy Jyoti Kaushik
Created on Mar 17, 2021

HSTS support for Arena

Arena should support HTTP Strict Transport Security (HSTS) response header

This would allowed clients only access the server over an encrypted HTTPS connection and never get downgraded to an unencrypted HTTP connection

This would be an added layer of security on top of https

As per our discussion with Indrajeet, we got the following info-

this will require code changes to set the response header from the server side. We can have this as an optional parameter so could be fixable without any side effects.

Support Ticket PS-30115
Customer Impact Minor inconvenience
  • Attach files