Security Scans Show Issue With Agent Ports although the OMS is configured to use HTTP Strict Transport Security (HSTS)
(Doc ID 2721749.1)
Last updated on MAY 03, 2021
Applies to: Enterprise Manager Base Platform - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
The EM Agent cannot be configured to enforce HTTP Strict Transport Security (HSTS).
Security scans show an issue with OMS ports and Agent ports.
HSTS Missing From HTTPS Server: The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
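To make the finding concrete, the following added example (not Oracle code and not part of the original note) classifies a raw HTTP response head the way such a scan check does, parsing the header according to RFC 6797. The function names and the sample responses are constructed for illustration and do not represent real OMS or Agent output.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns (max_age, include_subdomains), or None if the header is invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue                      # empty directives are permitted
        name, _, arg = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        if name in seen:
            return None                   # a repeated directive invalidates the header
        seen[name] = arg.strip().strip('"')  # simplification: unwrap a quoted-string
    if not re.fullmatch(r"\d+", seen.get("max-age", "")):
        return None                       # max-age is required and must be delta-seconds
    return int(seen["max-age"]), "includesubdomains" in seen

def check_response(raw):
    """Return 'missing', 'invalid', 'disabled' or 'ok' for a raw response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    values = [line.partition(":")[2].strip()
              for line in head.split("\r\n")[1:]          # skip the status line
              if line.partition(":")[0].strip().lower() == "strict-transport-security"]
    if not values:
        return "missing"                  # the condition the scan reports
    parsed = parse_hsts(values[0])        # user agents honor only the first STS field
    if parsed is None:
        return "invalid"
    if parsed[0] == 0:
        return "disabled"                 # max-age=0 tells the browser to drop the policy
    return "ok"

# Constructed sample responses (hypothetical, for illustration only).
SAMPLES = {
    "no_header": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "with_header": "HTTP/1.1 200 OK\r\n"
                   "Strict-Transport-Security: MAX-AGE=31536000 ; IncludeSubDomains\r\n\r\n",
    "zero_age": "HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=0\r\n\r\n",
    "no_max_age": "HTTP/1.1 200 OK\r\nStrict-Transport-Security: includeSubDomains\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", check_response(raw))
```

A header that is present but carries `max-age=0` or no `max-age` at all gives no protection, so a check that only tests for the header's presence would pass endpoints that are effectively unprotected.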