HSTS Missing From HTTPS Server (RFC 6797)


I am looking to resolve the vulnerability " HSTS Missing From HTTPS Server (RFC 6797)" in Jenkins server. I have seen few recommendations to be done in web.xml file from Tomcat perspective. However, I need better clarity as Jenkins uses its own Java servlet container.
Any help would be appreciated.


My recommendation is to add a reverse proxy where you can add https/headers/etc.

You can do a lot of things to jenkins itself, but i always find managing https is a lot easier externally.


Hi, @noshini1 were you able to remediate this HSTS missing from HTTPS vulnerability? I am in the same shoes now. How were you able to enforce HTTP Strict Transport Security. My Jenkins run on Linux server.

Help will be appreciated

Please try following this link and see if it works for you. I remember we added Strict transport security header in one of the xml files.