Hi Community,
We ran a PCI scan and the store got the following failure, and we would like help to input the correct response, as Shopify is PCI compliant.
Web (2053/tcp)
HSTS Missing From HTTPS Server (RFC 6797)
Synopsis
The remote web server is not enforcing HSTS, as defined by RFC 6797.
Description
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Output
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
This is an accepted solution.
Hi jaykappa!
I have seen this before. Some ASVs do things a little differently.
The finding is: the server on port 2053 is not enforcing HSTS.
Unfortunately, at this time, we cannot control the content on port 2053. This content is served by the Cloudflare CDN.
Good news is that all content on port 2053 (and a few other ports) is OUT OF SCOPE.
The finding is on a port that is forwarded to a network outside of the scope of this test (Cloudflare CDN error message content).
That should give you enough info to report the finding as a false positive to the ASV Scanner.
Thanks,
Shawn.
To learn more visit the Shopify Help Center or the Community Blog.
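To show what the scanner check in this thread looks at, here is an added example (not part of the original posts and not Shopify's or the ASV's code) that parses a `Strict-Transport-Security` header following RFC 6797 and classifies responses per port. The function names, the sample responses and port 8443 are constructed for illustration.

```python
import re

def parse_hsts(value):
    """Parse one Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns a policy dict, or None when the header must be ignored."""
    seen = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                         # empty directives are allowed
        if name in seen:
            return None                      # a directive may appear only once
        seen[name] = arg.strip().strip('"')  # max-age may be a quoted-string
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                          # max-age is required
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def hsts_status(raw_response):
    """Classify a raw HTTP response: enforced, disabled, invalid or missing."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            policy = parse_hsts(value)       # only the first STS header counts
            if policy is None:
                return "invalid"
            return "enforced" if policy["max_age"] > 0 else "disabled"
    return "missing"

# Constructed sample responses keyed by port (not captured from any real server).
SAMPLES = {
    443: "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n<html>",
    2053: "HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\nerror page",
    8443: "HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=0\r\n\r\n",
}

def report(samples):
    """Map each port to its HSTS status, as evidence for a scan finding."""
    return {port: hsts_status(raw) for port, raw in samples.items()}

if __name__ == "__main__":
    for port, status in report(SAMPLES).items():
        print(f"{port}/tcp: {status}")
```

A `max-age=0` policy is reported as `disabled` because RFC 6797 treats it as an instruction to drop the stored policy, which a scanner would also count as not enforcing HSTS.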