Description
This change increases the max-age of the HTTP Strict Transport Security (HSTS) header from ten minutes to one year. HSTS is a response header that enhances the security of web applications by requesting that all traffic be sent over HTTPS for a period of time. Most modern web browsers (Google Chrome, Firefox, Safari, etc.) support it: once an HTTPS connection to the site has been made, the browser automatically redirects standard HTTP requests to HTTPS.
More info can be found here: HTTP Strict Transport Security - OWASP Cheat Sheet Series
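As an added example (not the platform's own code), the following check parses a Strict-Transport-Security value and reports whether it meets the new policy. It assumes "one year" means 31536000 seconds; the function names are hypothetical and the header strings in the test calls are constructed.

```python
import re

ONE_YEAR = 31536000  # assumption: one year expressed as 365 days in seconds
# Directive names are HTTP tokens (RFC 7230 tchar set).
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns {"max_age": int, "include_subdomains": bool}, or None when the
    value is malformed and a conforming browser would ignore the header.
    Simplification: quoted values containing ';' are not handled.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar permits empty directives
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not _TOKEN.match(name) or name in seen:
            return None  # bad name, or a directive appears more than once
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # max-age may be sent as a quoted-string
        seen[name] = val if sep else None
    max_age = seen.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is required and must be a decimal number
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in seen}

def check_policy(value, minimum=ONE_YEAR):
    """Classify a header value as 'ok', 'too-short', 'disabled' or 'invalid'."""
    policy = parse_hsts(value)
    if policy is None:
        return "invalid"
    if policy["max_age"] == 0:
        return "disabled"  # max-age=0 tells the browser to forget the host
    return "ok" if policy["max_age"] >= minimum else "too-short"

if __name__ == "__main__":
    # Constructed values: the old ten-minute policy and the new one-year policy.
    for header in ("max-age=600", "max-age=31536000"):
        print(header, "->", check_policy(header))
```

Run it against the header value returned by each API endpoint; anything other than `ok` means the browser will not hold the policy for the full year.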
Change Category
Infrastructure
Informational
API
Change Context
Increasing the max-age reduces how often the header expires in the browser, and with it the frequency of possible man-in-the-middle attacks due to expired headers.
Change Impact
There will be no customer impact.
Date of Change
Immediate
Impacted APIs
All platform APIs will be affected by this change.
References
[PLATFORM-4391]
[API-7593]