Strict Transport Security header not present in 302 response generated by NetScaler
Article ID: CTX215496
Description
STS was implemented according to https://www.citrix.com/blogs/2010/09/10/strict-transport-security-sts-or-hsts-with-citrix-netscaler-and-access-gateway-enterprise/.
The initial 302 response from the NetScaler does not contain the STS header. The STS header is present only on the page /vpn/index.html.
Configuring a rewrite/responder policy to add HSTS was tried, with the same result.
Resolution
The product management team agreed to take this as an enhancement (ENH) and would try to add the Strict-Transport-Security header to the initial 302 sent by NetScaler. Enhancement request "0654092 :::Customer would like to have STS header for 302 response sent form NetScaler" has been created for tracking.
Problem Cause
The Strict-Transport-Security header cannot be added to the initial 302 response using a rewrite policy. This is by design: rewrite policies can be applied only to requests and responses that are generated outside the NetScaler. Here the 302 is a NetScaler-generated response, so the policy is not applied to it.
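A check for the behaviour described above, as an added example that is not Citrix code: it walks a redirect chain one hop at a time and records whether each response carries Strict-Transport-Security. The names `audit_hsts`, `DemoGateway` and `run_demo` and the max-age value are constructed for illustration; the demo server runs over plain HTTP on loopback only to exercise the walker, whereas browsers honour HSTS only when it arrives over HTTPS.

```python
import threading
from http.client import HTTPConnection, HTTPSConnection
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

def audit_hsts(url, max_hops=5):
    """Walk a redirect chain hop by hop; return [(url, status, hsts_or_None)]."""
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        cls = HTTPSConnection if parts.scheme == "https" else HTTPConnection
        conn = cls(parts.netloc, timeout=5)
        try:
            conn.request("GET", parts.path or "/")  # never auto-follows redirects
            resp = conn.getresponse()
            hops.append((url, resp.status, resp.getheader("Strict-Transport-Security")))
            location = resp.getheader("Location")
        finally:
            conn.close()
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)  # Location may be relative
    return hops

class DemoGateway(BaseHTTPRequestHandler):
    """Constructed stand-in for the described behaviour; not NetScaler code."""
    def do_GET(self):
        if self.path == "/vpn/index.html":
            self.send_response(200)
            self.send_header("Strict-Transport-Security", "max-age=31536000")
        else:  # appliance-generated redirect: no HSTS header on this hop
            self.send_response(302)
            self.send_header("Location", "/vpn/index.html")
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), DemoGateway)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return audit_hsts(f"http://127.0.0.1:{server.server_port}/")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(*run_demo(), sep="\n")
```

Against a real gateway, call `audit_hsts("https://<gateway-host>/")` and treat any hop whose third field is `None` as a response without the header.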