Nessus or other security scanners report that System Manager does not enforce HSTS
Applies to
- ONTAP System Manager
- OnCommand System Manager
Issue
- Nessus or other security scanners report that System Manager does not enforce HSTS.
The remote web server is not enforcing HSTS.
"The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS).
HSTS is an optional response header that can be configured on the server to instruct
the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks,
SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections."
- The Qualys scanner reports QID 11827 "HTTP Security Header Not Detected"
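To reproduce what these scanners check, the following added example (not NetApp's code, and not from the original article) parses a raw HTTPS response and evaluates the Strict-Transport-Security header the way a scanner plugin would: present or not, the max-age value, and whether subdomains are covered. The two responses are constructed samples, not captured from System Manager.

```python
import re

# Constructed sample responses (not captured from a real System Manager instance).
WITHOUT_HSTS = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Server: example\r\n"
    "\r\n"
)
WITH_HSTS = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
)

ONE_YEAR = 31536000  # commonly required minimum max-age, in seconds


def parse_headers(raw: str) -> dict:
    """Parse the header block of a raw HTTP response into a lower-cased name -> value dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def hsts_status(raw: str, min_max_age: int = ONE_YEAR) -> dict:
    """Report whether the response enforces HSTS, mirroring a scanner's HSTS check."""
    result = {"present": False, "max_age": None, "include_subdomains": False, "enforced": False}
    hsts = parse_headers(raw).get("strict-transport-security")
    if hsts is None:
        return result  # the finding both Nessus and Qualys raise: header absent
    result["present"] = True
    match = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.IGNORECASE)
    if match:
        result["max_age"] = int(match.group(1))
    result["include_subdomains"] = "includesubdomains" in hsts.lower()
    # A header with max-age=0 or a very short lifetime is present but not effective.
    result["enforced"] = result["max_age"] is not None and result["max_age"] >= min_max_age
    return result


if __name__ == "__main__":
    print("without HSTS:", hsts_status(WITHOUT_HSTS))
    print("with HSTS:   ", hsts_status(WITH_HSTS))
```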