missing header Strict-Transport-Security

Question

When evaluating the headers of our Help page, help.caredove.com, the results come back indicating a missing header for Strict-Transport-Security. I used Probely’s Security Headers page for this test: https://securityheaders.com/

Is this something that I can change in our Help page configuration? If not how can I go about getting the header changed?

The scan shows up 2 additional missing headers, Referrer-Policy & Permissions-Policy, but those are relatively new and do not penalize us as much at this time.

Thanks,

rob

Racheal · Accepted Answer

Hey @rob.visserRacheal from the support engineer team here👋We make use of Strict-Transport-Security on the default URL for your help center, but for custom help center domains this is something that will need to be configured on your end. Exactly how to do that depends on how you have SSL setup, I'll include the guides provided by Cloudflare and Cloudfront below 👇Cloudfront:https://docs.aws.amazon.com/whitepapers/latest/secure-content-delivery-amazon-cloudfront/improving-security-by-enabling-security-specific-headers.htmlCloudflare:https://developers.cloudflare.com/ssl/edge-certificates/additional-options/http-strict-transport-security/

rob.visser · Answer

Oh excellent, I’ll have a look and report back. Thanks Racheal.

Reply

Join the Intercom Community 🎉

Intercom Customers and Employees

Login to the community

Intercom Customers and Employees

Scanning file for viruses.

This file cannot be downloaded