View Issue Details

ID: 0007412
Project: OXID eShop (all versions)
Category: 4.04. Security
View Status: public
Last Update: 2023-01-31 10:04
Reporter: QA
Assigned To:
Priority: normal
Severity: feature
Reproducibility: always
Status: confirmed
Resolution: open
Product Version: 6.5.3
Summary: 0007412: HSTS Header missing

Description
URLs that lack the HSTS response header.

The HTTP Strict-Transport-Security Response Header (HSTS) instructs browsers to access only via HTTPS and not HTTP. When a website accepts a connection to HTTP, visitors still communicate via HTTP before being redirected to HTTPS. The HSTS header instructs the browser to never load over HTTP and to automatically convert all requests to HTTPS.
Additional Information

In fact, that would be nice, but the shop doesn't have HTTPS-only mode at the moment.
This is a feature that would currently have to be implemented as a module.

- es -
Tags: No tags attached.
Theme: Not defined
Browser: Not defined
PHP Version: Not defined
Database Version: Not defined

Relationships

has duplicate 0007410 closed Flow theme HSTS Header missing 
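
To reproduce the kind of finding reported above ("URLs that lack the HSTS response header"), here is an added example, not part of the original report or of OXID eShop code: a Python check that parses `Strict-Transport-Security` values following RFC 6797 and classifies responses. The host `shop.example`, the sample responses and the 180-day `min_age` threshold are assumptions made for illustration.

```python
import re

# One directive: token, optionally "=" token or quoted-string (RFC 6797, section 6.1).
_DIRECTIVE = re.compile(r'^([A-Za-z0-9!#$%&\'*+.^_`|~-]+)(?:\s*=\s*("[^"]*"|[^\s;"]+))?$')

def parse_hsts(value):
    """Return the policy as a dict, or None if the header value is invalid."""
    seen = {}
    for part in (p.strip() for p in value.split(";")):
        if not part:                    # empty directives are permitted
            continue
        m = _DIRECTIVE.match(part)
        if not m or m.group(1).lower() in seen:   # bad syntax or repeated directive
            return None
        seen[m.group(1).lower()] = (m.group(2) or "").strip('"')
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):      # max-age is required
        return None
    return {"max_age": int(age),
            "include_subdomains": "includesubdomains" in seen,
            "preload": "preload" in seen}

def audit(url, headers, min_age=15552000):         # threshold is an assumption (180 days)
    """Classify one response; `headers` is a list of (name, value) pairs."""
    if not url.lower().startswith("https://"):
        return "ignored"       # browsers disregard HSTS received over plain HTTP
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return "missing"
    policy = parse_hsts(values[0])   # only the first header field is processed
    if policy is None:
        return "invalid"
    if policy["max_age"] == 0:
        return "disabled"      # max-age=0 tells the browser to forget the host
    return "ok" if policy["max_age"] >= min_age else "weak"

# Constructed sample responses (hypothetical host), not data from the report.
SAMPLE = [
    ("https://shop.example/", [("Content-Type", "text/html")]),
    ("https://shop.example/cart", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    ("http://shop.example/", [("Strict-Transport-Security", "max-age=31536000")]),
    ("https://shop.example/old", [("Strict-Transport-Security", "includeSubDomains")]),
]

if __name__ == "__main__":
    for url, hdrs in SAMPLE:
        print(f"{audit(url, hdrs):9} {url}")
```

The "ignored" case matters for this issue: because the shop has no HTTPS-only mode, a header sent on an HTTP response has no effect, so the header has to be present on the HTTPS responses.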

Activities

SvenBrunk

2023-01-31 10:04

administrator   ~0015006

We are currently evaluating the ability of the shop to work in mixed environments anyway and will take this into account as an additional feature to implement, once that is decided and in development.