FROM CACHE - en_header
Promotion image

Strict-Transport-Security header should specify the includeSubDomains directive

Strict-Transport-Security header should specify the includeSubDomains directive

stats_marketing
Shopify Partner
26 3 15
‎09-20-2022 09:46 AM

Hi Community,

 

We ran a vulnerability scan and we are receiving a Vulnerability alert, not sure if it is truly false positive and the reasons behind it to demonstrate to client that this is may not be an actual vulnerability.

 

stats_marketing_0-1663681332001.png

 

It looks like its in the Response headers when going to a Shopify store with HTTP requests.

1,947 Views
1 Like
Report
Replies 3 (3)

denis_l
Visitor
1 0 0
‎10-19-2022 09:14 PM

Any updates on this issue? More specifically, we should be able to set

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

to enable HSTS preload on a custom domain.

1,826 Views
0 Likes
Report
In response to denis_l

stats_marketing
Shopify Partner
26 3 15
‎10-26-2022 01:36 PM

Not currently an update as of this date, however...

I was told that those on Shopify Plus can send a Vulnerability Report and their secure team can analyze it and let you know if they will modify it for you or tell you why it is a false-positive.

We may plan on doing this, so I will keep you posted.

1,749 Views
0 Likes
Report
In response to stats_marketing

pep1
Visitor
1 0 0
‎12-01-2022 12:15 AM

Hey @stats_marketing - did you ever get an update about this?

1,608 Views
0 Likes
Report

Community Blog Articles

shopp-e-1741972742895593780274096851.png
Canadian merchants: Update account details by March 24, 2025 to continue us...

Shopify and our financial partners regularly review and update verification requiremen...

By Jacqui Mar 14, 2025
Shopify_0-1741780029041.png
New learning path from Shopify Academy: How to create a digital marketing s...

Unlock the potential of marketing on your business growth with Shopify Academy's late...

By Shopify Mar 12, 2025
CRO-Community-Promo.jpg
Expert insights on conversion rate optimization (CRO) from Shopify Academy ...

Learn how to increase conversion rates in every stage of the customer journey by enroll...

By Shopify Mar 5, 2025
Terms of Service Privacy Policy