HSTS Missing From HTTPS Server (RFC 6797)

Using Jenkins Ask a question
1

Hello,

I am looking to resolve the vulnerability " HSTS Missing From HTTPS Server (RFC 6797)" in Jenkins server. I have seen few recommendations to be done in web.xml file from Tomcat perspective. However, I need better clarity as Jenkins uses its own Java servlet container.
Any help would be appreciated.

Thanks
Noshini

2

My recommendation is to add a reverse proxy where you can add https/headers/etc.

You can do a lot of things to jenkins itself, but i always find managing https is a lot easier externally.

2 Likes