Skip to main content
NetApp Knowledge Base

Search

  • Filter results by:
    • View attachments
    Searching in
    About 2 results
    • https://kb.netapp.com/Legacy/AltaVault/How_to_enable_HSTS_on_the_AltaVault_web_GUI
      Applies to AltaVault AVA400 AVA800 AVA-v AVA-c Description HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks suc...Applies to AltaVault AVA400 AVA800 AVA-v AVA-c Description HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. By default, HSTS is not enabled in the AltaVault web GUI.
    • https://kb.netapp.com/on-prem/ontap/DM/System_Manager/SM-KBs/Nessus_or_other_security_scanners_report_System_Manager_is_not_enforcing_HSTS
      ONTAP System Manager OnCommand System Manager Nessus or other security scanners report System Manager is not enforcing HSTS. The remote web server is not enforcing HSTS. "The remote HTTPS server is no...ONTAP System Manager OnCommand System Manager Nessus or other security scanners report System Manager is not enforcing HSTS. The remote web server is not enforcing HSTS. "The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct The lack of HSTS allows downgrade attacks, Qualys scanner reporting “HTTP Security Header Not Detected” vulnerability with QID 11827