Web server protection - Add HSTS header support
Request that the Sophos UTM supports HTTP Strict Transport Security (HSTS). RFC6797 - https://tools.ietf.org/html/rfc6797
This is a feature required by all government sites (directive came out in 2015!) and it should have been implemented a long time ago! This should be a top priority is you want any more government business.
urgent missing this feature
Any updated on implementing HSTS in the web server protection module of UTM 9.5?
Great product if we can get that to work..
Gerald Drollinger commented
i need this feature urgently. I Use many virt. Webservers.
Owncloud enforces HSTS since Version 8.1
Alex Ward commented
Latest versions of Google Chrome and Firefox use HSTS pinning which will prevent access to certain high profile sites through Sophos unless support is added.