View Issue Details

IDProjectCategoryView StatusLast Update
0007412OXID eShop (all versions)4.04. Securitypublic2023-01-31 10:04
Status confirmedResolutionopen 
Product Version6.5.3 
Target VersionFixed in Version 
Summary0007412: HSTS Header missing
URLs that lack the HSTS response header.

The HTTP Strict-Transport-Security Response Header (HSTS) instructs browsers to access only via HTTPS and not HTTP. When a website accepts a connection to HTTP, visitors still communicate via HTTP before being redirected to HTTPS. The HSTS header instructs the browser to never load over HTTP and to automatically convert all requests to HTTPS.
Additional InformationIn fact, that would be nice, but the shop doesn't have HTTPS-only mode at the moment.
This is a feature that would currently have to be implemented as a module.

- es -
TagsNo tags attached.
ThemeNot defined
BrowserNot defined
PHP VersionNot defined
Database VersionNot defined


has duplicate 0007410 closed Flow theme HSTS Header missing 


Sven Brunk

2023-01-31 10:04

administrator   ~0015006

We are currently evaluating the ability of the shop to work in mixed environments anyway and will take this into account as an additional feature to implement, once that is decided and in development.