Answered

missing header Strict-Transport-Security

  • 27 April 2023
  • 3 replies
  • 50 views

When evaluating the headers of our Help page, help.caredove.com, the results come back indicating a missing header for Strict-Transport-Security. I used Probely’s Security Headers page for this test: https://securityheaders.com/

Is this something that I can change in our Help page configuration? If not how can I go about getting the header changed?

The scan shows up 2 additional missing headers, Referrer-Policy & Permissions-Policy, but those are relatively new and do not penalize us as much at this time. 

Thanks, 

rob

icon

Best answer by Racheal 2 May 2023, 03:35

View original

3 replies

Userlevel 4
Badge

Hey @rob.visser Racheal from the support engineer team here👋 

 

We make use of Strict-Transport-Security on the default URL for your help center, but for custom help center domains this is something that will need to be configured on your end. Exactly how to do that depends on how you have SSL setup, I'll include the guides provided by Cloudflare and Cloudfront below 👇

 

Oh excellent, I’ll have a look and report back. Thanks Racheal. 

Following the CloudFront instructions I was able to add the security headers policy.

Problem solved.

Thanks Racheal!

Reply