Forum Discussion
- Lee_Sutcliffe (Nacreous)
You will need to determine the best settings for HSTS for your organisation; however, this is an example taken from the OWASP Cheat Sheet:
This example will check if the HSTS header exists; if it doesn't, it will be inserted. You may wish to change the logic a bit and remove the header if it does exist to ensure consistency.
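when HTTP_RESPONSE {
    # Insert the HSTS header only if the server response does not already carry one
    if { !([HTTP::header exists "Strict-Transport-Security"]) } {
        # HTTP::header insert takes the header name followed by its value
        HTTP::header insert "Strict-Transport-Security" "max-age=86400; includeSubDomains"
    }
}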
Let me know how you get on.
Lee
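To verify what clients actually receive once an iRule like the one above is attached, the following check parses the Strict-Transport-Security value the way RFC 6797 tells browsers to. It is an added example, not part of the original reply; the names `parse_hsts` and `audit_response` and the sample responses are constructed for illustration.

```python
import re

_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # RFC 7230 token characters
_DIGITS = re.compile(r"[0-9]+")

def parse_hsts(value):
    """Parse an HSTS value (RFC 6797 6.1); policy is None if a browser would ignore it."""
    directives, problems = {}, []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives between semicolons are allowed
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if len(arg) > 1 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # directive values may be quoted-strings
        if not _TOKEN.fullmatch(name):
            problems.append(f"malformed directive: {part!r}")
        elif name in directives:
            problems.append(f"duplicate directive: {name}")
        else:
            directives[name] = arg
    if "max-age" not in directives:
        problems.append("missing required max-age directive")
    elif not _DIGITS.fullmatch(directives["max-age"]):
        problems.append("max-age is not a non-negative integer")
    if problems:
        return None, problems
    return {"max_age": int(directives["max-age"]),
            "include_subdomains": "includesubdomains" in directives}, problems

def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTPS response."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return ["no Strict-Transport-Security header"]
    policy, findings = parse_hsts(values[0])  # only the first header is processed
    if len(values) > 1:
        findings.append("header sent more than once; only the first is processed")
    if policy and policy["max_age"] == 0:
        findings.append("max-age=0 tells browsers to drop the HSTS policy")
    return findings

# Constructed sample responses (not captured from a real system)
GOOD = [("Strict-Transport-Security", "max-age=86400; includeSubDomains")]
NAME_IN_VALUE = [("Strict-Transport-Security",
                  "Strict-Transport-Security: max-age=86400; includeSubDomains")]

if __name__ == "__main__":
    print(audit_response(GOOD), audit_response(NAME_IN_VALUE))
```

An empty list from `audit_response` means the first HSTS header parses cleanly; a duplicate-header finding is the inconsistency that removing any existing header before inserting would prevent.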