Pruss10
Helper I

Implement HTTP Strict transport security header Portal

Hi Guys,

 

In one of the security scan reports, there are two vulnerability findings from the portal - 

1. HTTP Strict Transport Security (HSTS) header is not configured (Remediation mentioned - It is recommended to implement HTTP Strict-Transport-Security response header which will let the web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP.)

2. Cache-Control Header not properly configured (Remediation mentioned - Set the Cache-control response header to "no-cache, no-store, expires 0" on all responses.)

 

Can you kindly let me know how to enable these settings in Power Portal. Attaching screenshots from browser Network tool for better reference.

@OOlashyn @ragavanrajan @OliverRodrigues 

1 REPLY
OOlashyn
Super User

Hi @Pruss10,

Can you open a ticket with MS and share your findings from the security scan report? I hope that will help MS to mitigate those issues from their end. Meanwhile, as a workaround you can use the Head/Bottom content snippet that is added at the end of the head tag of all pages. You can set Cache-Control via a meta tag (you should be able to do this with HSTS as well but I never tried it):

<meta http-equiv="Cache-control" content="no-cache">

 

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.
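
As an added example (not part of the thread and not Microsoft's tooling), the JavaScript below audits one response for the two findings in the scan report. It reads the real response headers and reports `<meta http-equiv>` tags separately, because a meta tag does not change the response headers a scanner inspects, and RFC 6797 section 8.5 tells browsers not to honour HSTS delivered through `<meta>`. Function names, finding labels and the sample responses are constructed for illustration.

```javascript
// Constructed sample: no security headers, both settings attempted via <meta>.
const sampleHeaders = { "Content-Type": "text/html" };
const sampleHtml = '<head><meta http-equiv="Cache-control" content="no-cache">' +
  '<meta http-equiv="Strict-Transport-Security" content="max-age=31536000"></head>';
// Constructed sample: the same settings sent as real response headers.
const fixedHeaders = {
  "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
  "Cache-Control": "no-cache, no-store",
};

// "max-age=31536000; includeSubDomains" -> Map of lower-cased directive names.
function parseDirectives(value) {
  const out = new Map();
  for (const part of String(value || "").split(/[;,]/)) {
    const [k, v = ""] = part.trim().split("=");
    if (k.trim()) out.set(k.trim().toLowerCase(), v.trim().replace(/"/g, ""));
  }
  return out;
}

// Names of every <meta http-equiv="..."> in the markup, lower-cased.
function metaHttpEquiv(html) {
  const names = [];
  const re = /<meta\b[^>]*\bhttp-equiv\s*=\s*["']?([\w-]+)/gi;
  let m;
  while ((m = re.exec(html || "")) !== null) names.push(m[1].toLowerCase());
  return names;
}

function auditResponse(headers, html) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const findings = [];
  const hsts = parseDirectives(h["strict-transport-security"]);
  if (!hsts.has("max-age")) findings.push("hsts-header-missing");
  else if (!(Number(hsts.get("max-age")) > 0)) findings.push("hsts-max-age-not-positive");
  // The scan asks for no-cache and no-store; Expires is a separate header.
  const cc = parseDirectives(h["cache-control"]);
  if (!cc.has("no-store") || !cc.has("no-cache")) findings.push("cache-control-weak");
  const metas = metaHttpEquiv(html);
  // RFC 6797 section 8.5: browsers must not heed HSTS set through <meta>.
  if (metas.includes("strict-transport-security")) findings.push("hsts-meta-ignored");
  // The meta tag leaves the response header, which the scanner reads, unchanged.
  if (metas.includes("cache-control") && findings.includes("cache-control-weak"))
    findings.push("cache-control-meta-only");
  return findings;
}
```

Run against headers copied from the browser Network tool, an empty result means both findings are addressed at the header level.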
