How to enable HSTS headers in Red Hat OpenShift Web Console

Solution Verified - Updated -

Issue

  • Is there any way to manually enable HSTS per domain.
  • How to increase Openshift Webconsole security with HSTS headers.
  • The infrastructure that supports OpenShift does not enforce HTTP Strict Transport Security (HSTS), allowing potential downgrade attacks against HTTPS and the collection of data-in-transit. The list of ports identified that do not enforce HSTS.

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
    • haproxy Route
    • HSTS

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content