

PCI SCAN FAIL The remote web server is not enforcing HSTS

DLDevon
Tourist

I use Security Metrics for my PCI Compliance and our site has failed with these issues (see image). I don't know what we are supposed to do to correct this. 

Title: HSTS Missing From HTTPS Server (RFC 6797)
Synopsis: The remote web server is not enforcing HSTS, as defined by RFC 6797.

It's on 2 ports, 8443 and 443.

Can anyone help?

Thanks in advance, Sarah

[attachment: scan_fail.jpg]


sanico-software
Shopify Partner

Hi @DLDevon

Shopify uses HSTS by default so you shouldn't have this problem: https://help.shopify.com/en/manual/domains/managing-domain-ownership/transferring-shopify-domains#hs...

It depends on whether the store has been misconfigured. You can message your IT team for help, or if you don't have an IT team, you can hire a Shopify Partner like myself to help fix the problem.

Dom Tripodi | Sanico Software
I am a Software Engineer and Shopify Expert based in Adelaide, Australia. I build ecommerce websites with Shopify for local and international businesses. If you want to take your Shopify store to the next level, send me a message. Check out Sanico Software here.
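What the scanner is actually testing, as an added example that is not part of either post and is neither Security Metrics' scanner code nor anything Shopify ships: RFC 6797 says a client only honours HSTS when the Strict-Transport-Security header arrives on an HTTPS response, the max-age directive is required, and max-age=0 means "forget the policy". The finding listed 443 and 8443 separately because the scanner probes each TLS listener on its own, so whatever answers on 8443 has to send the header too, not just the storefront on 443. The script below evaluates a response's headers against those rules and can also make a live HEAD request per port; the host name, file name and sample headers are constructed for the example.

```python
"""Evaluate whether an HTTPS response carries an enforced HSTS policy (RFC 6797).

Added example for this thread; not the scanner's code and not Shopify's.
Host names, file names and headers below are constructed samples.
"""
import http.client
import ssl
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple


@dataclass
class HstsResult:
    present: bool                      # an STS header was found on the HTTPS response
    max_age: Optional[int] = None      # seconds the client should remember the policy
    include_subdomains: bool = False
    preload: bool = False
    problems: Tuple[str, ...] = ()     # reasons a client would not enforce the policy

    @property
    def enforced(self) -> bool:
        return self.present and not self.problems


def parse_directives(value: str) -> Tuple[Dict[str, str], List[str]]:
    """Split an STS field value into directives (RFC 6797 section 6.1).

    Names are case-insensitive, values may be quoted, and a directive that
    appears twice makes the header invalid, so that is reported as a problem.
    """
    directives: Dict[str, str] = {}
    problems: List[str] = []
    for raw in value.split(";"):
        part = raw.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"')
        if name in directives:
            problems.append(f"directive {name!r} appears more than once")
        directives[name] = val
    return directives, problems


def evaluate_hsts(headers: Sequence[Tuple[str, str]]) -> HstsResult:
    """Judge the STS policy in a list of (name, value) response headers.

    Only headers received over TLS count: a client ignores STS sent over
    plain HTTP (RFC 6797 section 8.1), so call this on the HTTPS response.
    """
    sts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not sts:
        return HstsResult(present=False, problems=("no Strict-Transport-Security header",))
    # With several STS fields a client processes only the first (section 8.1).
    directives, problems = parse_directives(sts[0])
    max_age: Optional[int] = None
    raw_age = directives.get("max-age")
    if raw_age is None:
        problems.append("required max-age directive is missing")
    elif not raw_age.isdigit():
        problems.append(f"max-age is not a non-negative integer: {raw_age!r}")
    else:
        max_age = int(raw_age)
        if max_age == 0:
            problems.append("max-age=0 tells clients to discard the policy")
    return HstsResult(
        present=True,
        max_age=max_age,
        include_subdomains="includesubdomains" in directives,
        preload="preload" in directives,
        problems=tuple(problems),
    )


def check_host(host: str, port: int = 443, path: str = "/") -> Tuple[int, HstsResult]:
    """Fetch one HTTPS response from host:port and evaluate its HSTS header.

    Run it once per port the scanner flagged (443 and 8443 in the thread).
    """
    conn = http.client.HTTPSConnection(host, port, context=ssl.create_default_context(), timeout=10)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, evaluate_hsts(resp.getheaders())
    finally:
        conn.close()


# Constructed sample responses standing in for what two ports might return.
PASSING_HEADERS = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]
MISSING_HEADERS = [("Content-Type", "text/html")]                 # the failing case
DISABLED_HEADERS = [("Strict-Transport-Security", "max-age=0")]   # present but not enforced


if __name__ == "__main__":
    import sys
    if len(sys.argv) >= 2:   # live check, e.g.: python hsts_check.py shop.example 443 8443
        host = sys.argv[1]
        for port in map(int, sys.argv[2:] or ["443"]):
            status, result = check_host(host, port)
            print(f"{host}:{port} HTTP {status} enforced={result.enforced} {result}")
    else:
        for label, hdrs in (("passing", PASSING_HEADERS), ("missing", MISSING_HEADERS),
                            ("max-age=0", DISABLED_HEADERS)):
            print(label, evaluate_hsts(hdrs))
```

Two things to keep in mind when reading the output: the status code is printed because a redirect from port 443 to the canonical domain is still an HTTPS response and still has to carry the header, since the scanner grades the host and port it connected to rather than wherever the redirect leads; and the header on port 443 does nothing for 8443, so if a separate service is listening there it needs its own Strict-Transport-Security header with a non-zero max-age or the finding will remain.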