PCI SCAN FAIL The remote web server is not enforcing HSTS

I use Security Metrics for my PCI Compliance and our site has failed with these issues (see image). I don’t know what we are supposed to do to correct this.

Title
HSTS Missing From HTTPS Server (RFC 6797)

Synopsis
The remote web server is not enforcing HSTS, as defined by RFC 6797.

It’s on 2 ports: 8443 and 443.

Can anyone help?

Thanks in advance, Sarah

Hi @DLDevon

Shopify uses HSTS by default so you shouldn’t have this problem: https://help.shopify.com/en/manual/domains/managing-domain-ownership/transferring-shopify-domains#hsts

It depends on whether the store has been misconfigured. You can message your IT team for help or, if you don’t have an IT team, you can hire a Shopify Partner like myself to help fix the problem.