View Issue Details
|OXID eShop (all versions)
|Fixed in Version
|0007412: HSTS Header missing
URLs that lack the HSTS response header.
The HTTP Strict-Transport-Security Response Header (HSTS) instructs browsers to access only via HTTPS and not HTTP. When a website accepts a connection to HTTP, visitors still communicate via HTTP before being redirected to HTTPS. The HSTS header instructs the browser to never load over HTTP and to automatically convert all requests to HTTPS.
|In fact, that would be nice, but the shop doesn't have HTTPS-only mode at the moment.
This is a feature that would currently have to be implemented as a module.
- es -
|No tags attached.