Dear forum,
one of our clients hired external company to perform security assessment. One of the complaints is that HSTS (HTTP Strict Transport Security) is not enforced and they provided example where in the resposne they are pointing that HSTS header is missing.
I know that there is FAQ Why does Genesys Cloud suggest that port 80 be open? - Genesys Cloud Resource Center stating that Genesys Cloud uses HTTP Strict Transport Security (HSTS) headers.
There is also Announcement on this forum
Enhanced API Security: HSTS Header max-age Increase
But can someone look at the picture from the client and possibly comment on it so that I may respond to the customer with exact information available either on Developer forum or Resource center.
I appreciate very much any response,
Thanks