View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007410 | Flow theme | Theme | public | 2023-01-27 13:25 | 2023-01-30 13:31 |
| Reporter | frogger14033 | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | duplicate | ||
| Summary | 0007410: HSTS Header missing | ||||
| Description | Beschreibung URLs, denen der HSTS-Antwortheader fehlt. Der HTTP Strict-Transport-Security Response Header (HSTS) weist Browser an, dass der Zugriff nur über HTTPS und nicht über HTTP erfolgen soll. Wenn eine Website eine Verbindung zu HTTP akzeptiert, kommunizieren Besucher vor der Umleitung zu HTTPS zunächst noch über HTTP. Der HSTS-Header weist den Browser an, niemals über HTTP zu laden und alle Anfragen automatisch in HTTPS umzuwandeln. Description URLs that lack the HSTS response header. The HTTP Strict-Transport-Security Response Header (HSTS) instructs browsers to access only via HTTPS and not HTTP. When a website accepts a connection to HTTP, visitors still communicate via HTTP before being redirected to HTTPS. The HSTS header instructs the browser to never load over HTTP and to automatically convert all requests to HTTPS. | ||||
| Tags | No tags attached. | ||||
