View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0007412||OXID eShop (all versions)||4.04. Security||public||2023-01-30 13:20||2023-01-31 10:04|
|Product Version||Patch for 6.5|
|Target Version||Fixed in Version|
|Summary||0007412: HSTS Header missing|
URLs that lack the HSTS response header.
The HTTP Strict-Transport-Security Response Header (HSTS) instructs browsers to access only via HTTPS and not HTTP. When a website accepts a connection to HTTP, visitors still communicate via HTTP before being redirected to HTTPS. The HSTS header instructs the browser to never load over HTTP and to automatically convert all requests to HTTPS.
|Additional Information||In fact, that would be nice, but the shop doesn't have HTTPS-only mode at the moment. |
This is a feature that would currently have to be implemented as a module.
- es -
|Tags||No tags attached.|
|PHP Version||Not defined|
|Database Version||Not defined|
|We are currently evaluating the ability of the shop to work in mixed environments anyway and will take this into account as an additional feature to implement, once that is decided and in development.|