HTTP strict transport security settings¶
Since build 5.3.218, HTTP strict transport security (HSTS) may be set for all HTTPS and WSS ports listened by WCS:
The Strict-Transport-Security: max-age=31536000; includeSubDomains; preload HTTP header will be applied in this case to all the connections to:
- HTTPS web admin and REST API port (
https.port=8444by default) - HTTPS HLS port (
hls.https.port=8445by default) - Secure Websocket port (
wss.port=8443by default)
This header forces a browser to use HTTPS only for the server domain and subdomains. No pages will be opened via HTTP until max-age time is expired.
Attention
In HLS case, server sends the Strict-Transport-Security header in response to HLS manifest request, but not per each segment request.