Description: HTTP Strict Transport Security (HSTS) helps enforce secure HTTPS connections, protecting against downgrade attacks and cookie hijacking. Access Server doesn't enable HSTS by default because it already serves web UIs over secure HTTPS. While HSTS isn't necessary in most cases, you might enable it to enhance security or meet compliance requirements.
Keep in mind that HSTS blocks access to web UIs if you're using the default self-signed certificate, so you'll need to replace it with a valid one first.
For step-by-step instructions, see the tutorial in our official documentation:
Tutorial: How to Set UPp HTTP Strict Transport Security (HSTS) on Access Server
If you have additional questions, please submit a ticket.
Comments
0 comments
Please sign in to leave a comment.