Forum Discussion
Lee_Sutcliffe
Jun 12, 2019
Nacreous
You will need to determine the best settings for HSTS for your organisation; however, this is an example taken from the OWASP Cheat Sheet:
This example will check if the HSTS header exists; if it doesn't, it will be inserted. You may wish to change the logic a bit and remove the header if it does exist to ensure consistency.
    when HTTP_RESPONSE {
        # Insert HSTS only if the response does not already carry it
        if {!([HTTP::header exists "Strict-Transport-Security"])} {
            # Syntax is: HTTP::header insert <name> <value>
            HTTP::header insert "Strict-Transport-Security" "max-age=86400; includeSubDomains"
        }
    }
Let me know how you get on
Lee