Return
-
Title
Password Manager URL missing Security Response headers -
Description
Is it recommended to configure the following security response option in IIS in Password Manager?
"Content-Security-Policy
Strict-Transport-Security
X-Content-Type-OptionsX-Frame-Option" -
Cause
It is not recommended to set those configurations as Password Manager will be broken when changing any. The following Enhancement Request 503042 has been raised with the product team to evaluate the request and implement these IIS security features in a future release of the product.
-
Resolution
Strict-Transport-Security will be enforced out of the box in Password Manager 5.15.