
HTTP Strict Transport Security Header (Doc ID 2831049.1)

Last updated on JUNE 25, 2024

Applies to:

Oracle Financial Services Crime and Compliance Management Studio - Version 8.0.8 to 8.0.8 [Release 8]
Information in this document applies to any platform.

Goal

The HTTP Strict Transport Security header needs to be enabled on Studio version 80820 to address a vulnerability reported in a pen test.

Steps to reproduce:

--> Access the Studio 8082 application URL and press the F12 key.

--> Select Network, click any entry in the Name column and check the Response Headers of any response: the Strict-Transport-Security header is missing.

However, this is not an issue in higher versions from 8.1.x.

--> Access the Studio 8.1.1 application URL and press the F12 key. Select Network, click any entry in the Name column and check the Response Headers of any response: the Strict-Transport-Security header is enabled and its value is "Strict-Transport-Security: max-age=31536000; includeSubDomains".
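
The same check can be scripted rather than read off the browser's Network tab. The following is an added example, not Oracle's code and not part of the original note; the function names, the constructed sample header sets and the pass thresholds (max-age of at least 31536000 with includeSubDomains, taken from the 8.1.1 value above) are assumptions.

```python
import re

# RFC 6797 section 6.1: directives are ';'-separated, names are case-insensitive,
# max-age is required, and a directive must not appear more than once.
MIN_MAX_AGE = 31536000  # assumption: the value the note reports for Studio 8.1.1

def parse_hsts(value):
    """Return a dict of HSTS directives, or raise ValueError if malformed."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        # Directive values may be quoted strings, so drop surrounding quotes.
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name in directives:
            raise ValueError("duplicate directive: " + name)
        directives[name] = arg
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        raise ValueError("max-age missing or not a non-negative integer")
    return directives

def audit_hsts(headers):
    """headers: mapping of response header names to values. Returns (ok, reason)."""
    # Header names are case-insensitive, so normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        return False, "header missing"
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return False, str(exc)
    max_age = int(d["max-age"])
    if max_age == 0:
        return False, "max-age=0 tells the browser to drop the HSTS policy"
    if max_age < MIN_MAX_AGE:
        return False, "max-age below %d" % MIN_MAX_AGE
    if "includesubdomains" not in d:
        return False, "includeSubDomains not set"
    return True, "ok"

# Constructed sample responses (not captured from a real Studio instance).
STUDIO_808 = {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"}
STUDIO_811 = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}

if __name__ == "__main__":
    for label, hdrs in (("8.0.8", STUDIO_808), ("8.1.1", STUDIO_811)):
        print(label, audit_hsts(hdrs))
```

Browsers only honour this header on responses received over HTTPS, so the header set passed to `audit_hsts` should come from the HTTPS endpoint.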

Solution
