Increase default HSTS header max age to 2 years

XMLWordPrintable

    • Type: Task
    • Resolution: Fixed
    • Priority: L3 - Default
    • 3.10.0-alpha4, 3.9.4
    • Affects Version/s: None
    • Component/s: backend
    • None
    • Not defined

      As per INFOSEC-67, we should increase the default max age to 2 years rather than the existing one year. This is in line with recommended values.

      ATs:

      • The default value is set to 2 years in our config
      • The value can be overridden via environment variable
      • Our documentation is updated to reflect the change

      Testing notes:

      • The setting can be configured with env var: 

      CAMUNDA_OPTIMIZE_SECURITY_RESPONSE_HEADERS_HSTS_MAX_AGE

        This is the controller panel for Smart Panels app

              Assignee:
              Unassigned
              Reporter:
              Joshua Windels
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: