Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Introduces a New Era of Visualization! READ ALL ABOUT IT
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
tevkar1
Contributor III
Contributor III
3 weeks ago

Qlik Web Connector - HSTS configuration

Hi,

We have a Qlik Web Connector running June 2023 edition. We want to enable HSTS policy so that it applies only to the machine itself:

 

Strict-Transport-Security:  max-age=31536000

 

 

When I enable HSTS via the <RequireHSTS> directive at deploy.config, HSTS is enabled for subdomains as well:

 

$ curl -s -D- https://xxxx.xxxx.xxxx
....
Server: Microsoft-HTTPAPI/2.0
X-Content-Type-Options: nosniff
x-frame-options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
....

 

 

Is it possible to override that behaviour ?

Kind regards

 

Labels (1)
Labels
123 Views
1 Reply
Sebastian_Linser
Support
Support
3 weeks ago

@tevkar1 Unfortunatelly you can't configure it further as of now. Please raise a feature request with Qlik.

https://community.qlik.com/t5/Official-Support-Articles/How-To-Submit-an-Idea-or-Propose-and-Improve...

 

It could be either for a custom header, so you can just add your own, or a second version of HSTS without the IncludeSubdomain option.

best regards

Sebastian

Help users find answers! Don't forget to mark a solution that worked for you! 🙂
87 Views
0 Likes