AnsweredAssumed Answered

HSTS Showing "No" on SSLLabs

Question asked by Erric Zdzchowski on Jun 15, 2016
Latest reply on Jun 16, 2016 by Matthias Wächter

We setup our Netscalers and enabled the STS rewrites. The header is being seen in a trace but not by SSL Labs.

 

SSL Server Test: cpms.midasplus.com (Powered by Qualys SSL Labs)

 

trace:

HTTP/1.1 200 OK

Set-Cookie: cookie_mds-citrixwi02=R2353100678; path=/

Cache-Control: private

Content-Length: 37189

Content-Type: text/javascript; charset=UTF-8

Expires: Thu, 16 Jun 2016 04:42:38 GMT

Server: Microsoft-IIS/7.5

Date: Wed, 15 Jun 2016 16:42:38 GMT

Strict-Transport-Security: max-age=157680000; includeSubDomains

----------------------------------------------------------

Outcomes