I am looking to resolve the vulnerability "HSTS Missing From HTTPS Server (RFC 6797)" on a Jenkins server. I have seen a few recommendations to be done in the web.xml file from a Tomcat perspective. However, I need better clarity, as Jenkins uses its own Java servlet container.
Any help would be appreciated.
Hi @noshini1, were you able to remediate this HSTS missing from HTTPS vulnerability? I am in the same shoes now. How were you able to enforce HTTP Strict Transport Security? My Jenkins runs on a Linux server.