View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007412 | OXID eShop (all versions) | 4.04. Security | public | 2023-01-30 13:20 | 2023-01-31 10:04 |
| Reporter | QA | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | confirmed | Resolution | open | ||
| Product Version | 6.5.3 | ||||
| Summary | 0007412: HSTS Header missing | ||||
| Description | Description URLs that lack the HSTS response header. The HTTP Strict-Transport-Security Response Header (HSTS) instructs browsers to access only via HTTPS and not HTTP. When a website accepts a connection to HTTP, visitors still communicate via HTTP before being redirected to HTTPS. The HSTS header instructs the browser to never load over HTTP and to automatically convert all requests to HTTPS. | ||||
| Additional Information | In fact, that would be nice, but the shop doesn't have HTTPS-only mode at the moment. This is a feature that would currently have to be implemented as a module. - es - | ||||
| Tags | No tags attached. | ||||
| Theme | Not defined | ||||
| Browser | Not defined | ||||
| PHP Version | Not defined | ||||
| Database Version | Not defined | ||||
| has duplicate | 0007410 | closed | Flow theme | HSTS Header missing |
