Thanks Matt,

That seems way too easy. I just implemented your suggestion and added it to the 
header. I can't test it to see if it meets their requirements but if that's all 
that's needed then it should.

Thank you again for the assistance with this.

Mike

-----Original Message-----
From: 4D_Tech [mailto:[email protected]] On Behalf Of spiffyguy

Reading Wikipedia:


> The HSTS Policy[2] is communicated by the server to the user agent via an
> HTTP response header field named "Strict-Transport-Security". HSTS Policy
> specifies a period of time during which the user agent should only access
> the server in a secure fashion.

All that's required is a header in the reply.  I would put this in the database 
method "On Web Authentication" so it fires for every web request.

C_TEXT($setStrictTransportSecurity)
$setStrictTransportSecurity:="Strict-Transport-Security: max-age=31536000"
WEB SET HTTP HEADER($setStrictTransportSecurity)

- Matt


**********************************************************************
4D Internet Users Group (4D iNUG)
FAQ:  http://lists.4d.com/faqnug.html
Archive:  http://lists.4d.com/archives.html
Options: http://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:[email protected]
**********************************************************************
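
Added example (not part of the original thread, and not 4D code): a small Python check for the header line built above, following the parsing rules of RFC 6797 section 6.1, to show when a user agent would honour or ignore it. The function names and the min_age and require_subdomains thresholds are assumptions standing in for whatever the reviewer's requirements are.

```python
import re

# Added example: names and thresholds below are illustrative assumptions.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_hsts(value):
    """Return a dict of lowercased directives, or None when the value is
    invalid and a user agent would ignore the header (RFC 6797, 6.1)."""
    directives = {}
    for part in value.split(";"):  # simplification: no ';' inside quotes
        part = part.strip()
        if not part:
            continue  # empty directives such as a trailing ';' are allowed
        name, sep, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not _TOKEN.match(name) or name in directives:
            return None  # malformed name or a repeated directive
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form: max-age="31536000"
        directives[name] = arg if sep else None
    age = directives.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None  # max-age is required and must be a whole number
    directives["max-age"] = int(age)
    return directives

def audit_hsts(line, over_https=True, min_age=31536000, require_subdomains=False):
    """Return a list of findings; an empty list means the policy passes."""
    name, sep, rest = line.partition(":")
    if sep and name.strip().lower() == "strict-transport-security":
        line = rest  # accept the full header line as passed to the web server
    if not over_https:
        return ["sent over plain HTTP: user agents ignore the header"]
    policy = parse_hsts(line)
    if policy is None:
        return ["invalid value: user agents ignore the header"]
    findings = []
    if policy["max-age"] == 0:
        findings.append("max-age=0 makes the browser drop the HSTS policy")
    elif policy["max-age"] < min_age:
        findings.append("max-age %d is below %d" % (policy["max-age"], min_age))
    if require_subdomains and "includesubdomains" not in policy:
        findings.append("includeSubDomains missing: subdomains not covered")
    return findings

if __name__ == "__main__":
    print(audit_hsts("Strict-Transport-Security: max-age=31536000"))
```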
