Is HTTP Strict Transport Security (HSTS) enabled on PAM?

Document ID : KB000103738
Last Modified Date : 11/07/2018
Show Technical Document Details
Question:
Is HTTP Strict Transport Security (HSTS) enabled on PAM?
Answer:
HTTP Strict Transport Security (HSTS) is enabled on 2.8.3, 3.0.3, 3.1.1 and 3.2.
Additional Information:
It is possible to also verify HSTS by using the Linux curl command as follows:

[root@linuxrhel bin]# curl -s -k -D- https://pamserver | grep -i Strict 
Strict-Transport-Security: max-age=365246060 

If HSTS is enabled, there will be a Strict-Transport-Security header with the 'max-age' returned.

Following has some additional information:

https://www.namecheap.com/support/knowledgebase/article.aspx/9711//how-to-check-if-hsts-is-enabled