Strict-Transport-Security header not set on 404 pages #2717

dsotirho-ucsc · 2025-02-04T23:32:21Z

ZAP scan finding
Severity: Low

HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.

Example:

https://data.humancellatlas.org/favicon.ico (404 page)

Solution:

Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.

achave11-ucsc · 2025-02-05T20:07:02Z

Duplicate of https://github.com/DataBiosphere/azul-private/issues/81, which we closed as won't fix.

dsotirho-ucsc added the orange [process] Done by the Azul team label Feb 4, 2025

github-actions bot added the canary Done by the Clever Canary label Feb 4, 2025

achave11-ucsc closed this as completed Feb 5, 2025

achave11-ucsc reopened this Feb 5, 2025

achave11-ucsc closed this as not planned Won't fix, can't repro, duplicate, stale Feb 5, 2025

achave11-ucsc added the duplicate [process] This issue or pull request already exists label Feb 5, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Strict-Transport-Security header not set on 404 pages #2717

Strict-Transport-Security header not set on 404 pages #2717

dsotirho-ucsc commented Feb 4, 2025

achave11-ucsc commented Feb 5, 2025

Strict-Transport-Security header not set on 404 pages #2717

Strict-Transport-Security header not set on 404 pages #2717

Comments

dsotirho-ucsc commented Feb 4, 2025

achave11-ucsc commented Feb 5, 2025