Skip to main content
Answered

missing header Strict-Transport-Security


When evaluating the headers of our Help page, help.caredove.com, the results come back indicating a missing header for Strict-Transport-Security. I used Probely’s Security Headers page for this test: https://securityheaders.com/

Is this something that I can change in our Help page configuration? If not how can I go about getting the header changed?

The scan shows up 2 additional missing headers, Referrer-Policy & Permissions-Policy, but those are relatively new and do not penalize us as much at this time. 

Thanks, 

rob

Best answer by Racheal

Hey @rob.visser Racheal from the support engineer team here👋 

 

We make use of Strict-Transport-Security on the default URL for your help center, but for custom help center domains this is something that will need to be configured on your end. Exactly how to do that depends on how you have SSL setup, I'll include the guides provided by Cloudflare and Cloudfront below 👇

 

View original
Did this topic help you find an answer to your question?

3 replies

Racheal
Intercom Team
Forum|alt.badge.img+5
  • Customer Support Engineer
  • 512 replies
  • Answer
  • May 2, 2023

Hey @rob.visser Racheal from the support engineer team here👋 

 

We make use of Strict-Transport-Security on the default URL for your help center, but for custom help center domains this is something that will need to be configured on your end. Exactly how to do that depends on how you have SSL setup, I'll include the guides provided by Cloudflare and Cloudfront below 👇

 


  • Author
  • New Participant
  • 2 replies
  • May 2, 2023

Oh excellent, I’ll have a look and report back. Thanks Racheal. 


  • Author
  • New Participant
  • 2 replies
  • May 2, 2023

Following the CloudFront instructions I was able to add the security headers policy.

Problem solved.

Thanks Racheal!


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings