How to enable HSTS (HTTP Strict Transport Security) in Red Hat OpenStack Platform

Solution Verified - Updated -

Issue

  • The Strict-Transport-Security header is not present when using SSL for public endpoints or when using TLSe.
  • HTTP Strict Transport Security (HSTS) is negotiated between the browser and the web server, and is important for protecting against downgrade attacks, man-in-the-middle attacks, and session hijacking. It does so by preventing the browser from loading the page without HTTPS.
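
A check for the condition described above, as an added example that is not part of the original article or of Red Hat's solution: it parses a captured HTTPS response and reports whether a valid Strict-Transport-Security header is present, following the parsing rules of RFC 6797. The sample responses and the 180-day `MIN_MAX_AGE` floor are assumptions constructed for illustration.

```python
import re

# Constructed sample responses (not captured from a real deployment).
SAMPLE_MISSING = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
SAMPLE_PRESENT = ("HTTP/1.1 200 OK\r\n"
                  "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n")
SAMPLE_ZERO = "HTTP/1.1 200 OK\r\nstrict-transport-security: Max-Age=\"0\"\r\n\r\n"

MIN_MAX_AGE = 15552000  # assumed policy floor (180 days); adjust to local policy


def parse_hsts(raw_response):
    """Return the parsed HSTS policy, or None if the header is absent or invalid."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            values.append(value.strip())
    if not values:
        return None
    # RFC 6797 section 8.1: only the first HSTS header field is processed.
    directives = {}
    for part in values[0].split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()              # directive names are case-insensitive
        if name in directives:                   # a repeated directive invalidates the header
            return None
        directives[name] = value.strip().strip('"')
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None                              # max-age is the one required directive
    return {"max_age": int(directives["max-age"]),
            "include_subdomains": "includesubdomains" in directives}


def audit(raw_response):
    """Classify a response as PASS, WARN or FAIL with respect to HSTS."""
    policy = parse_hsts(raw_response)
    if policy is None:
        return "FAIL: no valid Strict-Transport-Security header"
    if policy["max_age"] == 0:
        return "FAIL: max-age=0 tells the browser to drop the HSTS policy"
    if policy["max_age"] < MIN_MAX_AGE:
        return "WARN: max-age below policy floor"
    return "PASS"
```

Browsers ignore this header on plain-HTTP responses, so the response being audited must come from the HTTPS endpoint.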

Environment

  • Red Hat OpenStack Platform (RHOSP) 17
  • Red Hat OpenStack Platform (RHOSP) 16
  • Red Hat OpenStack Platform (RHOSP) 13
