The security team at one of my customers has said that the HSTS-header is not placed on the following URL's:
Is this a known issue? Can we expect the HSTS-Header to not be placed on these URL's, or should they also be placed on those URL's?
Thanks in advance!
Solved! Go to Solution.
First three endpoints are ActiveGate component endpoints are the excluded from hsts. The last one is part of REST API path and there’s no resource in that specific path anyway.
If you have more sensitive questions, open a support case.