My Oracle Support Banner

Security Scans Show Issue With Agent Ports although the OMS is configured to use HTTP Strict Transport Security (HSTS) (Doc ID 2721749.1)

Last updated on NOVEMBER 11, 2022

Applies to:

Enterprise Manager Base Platform - Version and later
Information in this document applies to any platform.
The EM Agent cannot be configured to enforce HTTP Strict Transport Security (HSTS)


Security scan show issue with OMS ports and Agent Ports.

 HSTS Missing From HTTPS Server    The remote HTTPS server does not send the HTTP     ""Strict-Transport-Security"" header.

The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.