Rasko | 2025-03-04 08:25:04 UTC | #1
Dear forum, one of our clients hired external company to perform security assessment. One of the complaints is that HSTS (HTTP Strict Transport Security) is not enforced and they provided example where in the resposne they are pointing that HSTS header is missing.
 |
 |
I know that there is FAQ https://help.mypurecloud.com/faqs/why-does-genesys-cloud-require-port-80-to-be-open/ stating that Genesys Cloud uses HTTP Strict Transport Security (HSTS) headers. There is also Announcement on this forum https://developer.genesys.cloud/forum/t/enhanced-api-security-hsts-header-max-age-increase/23153
But can someone look at the picture from the client and possibly comment on it so that I may respond to the customer with exact information available either on Developer forum or Resource center.
I appreciate very much any response, Thanks
system | 2025-04-03 08:25:37 UTC | #2
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 32015