Replies: 1 comment 1 reply
We will look into including these headers for pre-redirect responses in a future release. If you have purchased Security Onion premium support, please contact the support team and they will look at your situation and discuss an interim solution.
Version: 2.4.30
Installation Method: Security Onion ISO image
Description: configuration
Installation Type: Standalone
Location: on-prem with Internet access
Hardware Specs: Exceeds minimum requirements
CPU: 16
RAM: 256GB
Storage for /: 222GB
Storage for /nsm: 11TB
Network Traffic Collection: span port
Network Traffic Speeds: 1Gbps to 10Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues
Detail
Nessus shows HSTS not set on scan. Curl also will show you HSTS not set at 'root' document.
I see NGINX has this set properly, but only after the LOCATION header redirect, so scanners will not see it as they do not crawl beyond "/".
DHS doesn't like this on their scorecards. Any advice?
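A check for the condition described in the question, as an added example that is not part of the original discussion or of Security Onion's code: it parses `curl -skIL` style output and reports every hop, including the initial redirect, whose response lacks a usable `Strict-Transport-Security` header. The sample response, its status codes, path and header values are constructed for illustration.

```python
import re

# Constructed sample of `curl -skIL https://<manager>/` output: one header
# block per hop. Status codes, the /app/ path and values are illustrative.
SAMPLE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: nginx\r\n"
    "Location: /app/\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
)

def parse_hops(raw):
    """Split header-only curl output into (status, headers) per response."""
    hops = []
    for block in re.split(r"\r?\n\r?\n", raw.strip()):
        m = re.match(r"HTTP/\S+\s+(\d{3})", block)
        if not m:
            continue  # not a response header block
        headers = {}
        for line in block.splitlines()[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        hops.append((int(m.group(1)), headers))
    return hops

def hsts_max_age(value):
    """Return max-age in seconds from an HSTS value, or None if absent/invalid."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        val = val.strip().strip('"')
        if key.strip().lower() == "max-age" and val.isdigit():
            return int(val)
    return None

def audit(raw):
    """Return (hop index, status, problem) for each hop without usable HSTS."""
    findings = []
    for i, (status, headers) in enumerate(parse_hops(raw)):
        value = headers.get("strict-transport-security")
        if value is None:
            findings.append((i, status, "missing"))
        elif not hsts_max_age(value):  # max-age=0 tells browsers to drop HSTS
            findings.append((i, status, "invalid or zero max-age"))
    return findings
```

Hop 0 is the response a scanner that does not follow redirects sees, so a finding at index 0 corresponds to the scanner result described in the question.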