hsts
9 Topics
to HSTS or not to HSTS
Hello, we have several 100's applications where are only exposed on port 443 with its proper certificate. We don't have any VIP on other port redirect to 443. Now, enabling HSTS will bring me more security against man-in-the-middle. However, I have read that we have to make sure that "the code does not have any reference to http (80)". If I am offloading, in theory, there no reference to http as the F5 is offloading and HSTS will not break anything or would it? Thank you and be safe JSolved657Views1like2Comments