Abstract
HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks and cookie hijacking.
Content
What is it?
Note that the Strict-Transport-Security header is ignored by the browser if the application is initially accessed over HTTP. This is because an attacker may intercept HTTP connections and inject the header or remove it. When applications are accessed using HTTPS with no certificate errors, the browser knows that your server is HTTPS capable and will honor the Strict-Transport-Security header.
- Enable HSTS: Specifies whether to enable or disable HSTS.
- HSTS security header: Specifies the value for the header. The default policy for the Strict-Transport-Security HTTP header is set for one year (3600 × 24 × 365 seconds) with all of the subdomains included.
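The following Python script is an added illustration, not code from IBM or from the HTTP Server product: it models the browser-side behaviour the text describes (the header is recorded only when received over HTTPS with no certificate errors, and a recorded policy also covers subdomains when includeSubDomains is present) and builds the page's stated default policy value. The function names, the in-memory "known HSTS hosts" dictionary and the sample hosts are assumptions made for the example.

```python
"""Added example: how a browser evaluates a Strict-Transport-Security header.

The decision rules follow the page text and RFC 6797; the host store is a
simplified stand-in for a real browser's persistent HSTS list.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# One year, as the page gives the default policy (3600 x 24 x 365 seconds).
DEFAULT_MAX_AGE = 3600 * 24 * 365


def default_hsts_value() -> str:
    """The default header value the page describes: one year, subdomains included."""
    return f"max-age={DEFAULT_MAX_AGE}; includeSubDomains"


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool = False
    preload: bool = False


def parse_hsts(value: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security header value.

    Returns None when the value is not usable: max-age missing or non-numeric,
    or a directive repeated (RFC 6797 requires the header to be ignored then).
    Unknown directives are ignored, as the RFC allows.
    """
    max_age: Optional[int] = None
    include_sub = False
    preload = False
    seen = set()
    for raw in value.split(";"):
        token = raw.strip()
        if not token:
            continue
        name, _, val = token.partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"')
        if name in seen:
            return None
        seen.add(name)
        if name == "max-age":
            if not val.isdigit():
                return None
            max_age = int(val)
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return HstsPolicy(max_age, include_sub, preload)


def browser_honours_hsts(scheme: str, cert_ok: bool,
                         header_value: Optional[str]) -> Optional[HstsPolicy]:
    """Return the policy a browser would record, or None if it ignores the header.

    Per the page: a header received over plain HTTP, or over HTTPS with a
    certificate error, is discarded, because an on-path attacker could have
    injected or altered it.
    """
    if scheme.lower() != "https" or not cert_ok:
        return None
    if header_value is None:
        return None
    return parse_hsts(header_value)


# Assumed store shape: host -> (expiry timestamp, includeSubDomains flag)
HstsStore = Dict[str, Tuple[float, bool]]


def record_policy(store: HstsStore, host: str, policy: HstsPolicy, now: float) -> None:
    """Add or refresh a host entry; max-age=0 tells the browser to forget the host."""
    host = host.lower()
    if policy.max_age == 0:
        store.pop(host, None)
    else:
        store[host] = (now + policy.max_age, policy.include_subdomains)


def must_use_https(store: HstsStore, host: str, now: float) -> bool:
    """True if the host, or a parent domain recorded with includeSubDomains,
    has an unexpired entry, i.e. the browser would refuse plain HTTP to it."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        entry = store.get(".".join(labels[i:]))
        if entry is None:
            continue
        expires, include_sub = entry
        if now >= expires:
            continue          # expired entry: no longer enforced
        if i == 0 or include_sub:
            return True
    return False


if __name__ == "__main__":
    # Constructed scenario: first visit over HTTPS records the default policy.
    store: HstsStore = {}
    policy = browser_honours_hsts("https", True, default_hsts_value())
    record_policy(store, "www.example.com", policy, now=0)
    print(must_use_https(store, "www.example.com", now=10))        # True
    print(must_use_https(store, "api.www.example.com", now=10))    # True (subdomain)
    print(browser_honours_hsts("http", True, default_hsts_value()))  # None
```

Running the script shows the two points the page makes: the same header value is recorded after an HTTPS response and discarded after an HTTP one, and with includeSubDomains the recorded policy also forces HTTPS for hosts beneath the recorded domain until the max-age window expires.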
Why use it?
Availability
The support is enabled in the following HTTP group PTF levels:
V7R3M0 SF99722 Level 40
V7R4M0 SF99662 Level 21
V7R5M0 SF99952 Level 3
Document Information
Modified date: 16 August 2022
UID: ibm16612963