SAP Knowledge Base Article - Preview

3090141 - Changing HSTS header using xss filter for storefront not working

Symptom

Changing the HSTS header as described in Injecting Static HTTP Response Headers in Cloud Portal -> Storefront Service, using the property below, does not work, e.g. for the out-of-the-box (OOTB) yacceleratorstorefront:

yacceleratorstorefront.xss.filter.header.Strict-Transport-Security=max-age=0; includeSubDomains

When you check the storefront page with the browser Developer Tools open, under Network > Headers > Response Headers for the request URL, you always find "Strict-Transport-Security: max-age=31536000 ; includeSubDomains".
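The same check can be scripted against response headers captured from the storefront, comparing the configured property with what the server actually returned. This is an added example, not SAP code: the helper names are hypothetical, and the sample values are the ones quoted in this article.

```python
# Added example: helper names are hypothetical, not SAP Commerce APIs.
MARKER = ".xss.filter.header."

def parse_property(line):
    """Split '<extension>.xss.filter.header.<Header>=<value>' into its parts."""
    key, sep, value = line.strip().partition("=")
    ext, marker, header = key.partition(MARKER)
    if not (sep and marker and ext and header):
        raise ValueError(f"not an xss.filter.header property: {line!r}")
    return ext, header, value.strip()

def parse_hsts(value):
    """Parse an HSTS value into {directive: argument or None}.
    Directive names are case-insensitive; whitespace around ';' is ignored."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue  # tolerate empty segments such as a trailing ';'
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"') or None
    if not (directives.get("max-age") or "").isdigit():
        raise ValueError("max-age is required and must be a non-negative integer")
    return directives

def check_override(property_line, response_headers):
    """Report whether the configured header value is what the server returned."""
    ext, header, configured = parse_property(property_line)
    observed = next((v for k, v in response_headers.items()
                     if k.lower() == header.lower()), None)
    if observed is None:
        return {"extension": ext, "header": header, "applied": False, "diff": None}
    want, got = parse_hsts(configured), parse_hsts(observed)
    diff = {k: (want.get(k), got.get(k))
            for k in sorted(want.keys() | got.keys()) if want.get(k) != got.get(k)}
    return {"extension": ext, "header": header, "applied": not diff, "diff": diff}

# Values quoted in this article: the configured property and the observed header.
PROPERTY_LINE = ("yacceleratorstorefront.xss.filter.header."
                 "Strict-Transport-Security=max-age=0; includeSubDomains")
OBSERVED = {"Strict-Transport-Security": "max-age=31536000 ; includeSubDomains"}

if __name__ == "__main__":
    print(check_override(PROPERTY_LINE, OBSERVED))
```

The `diff` entry maps each mismatched directive to a `(configured, observed)` pair, so the symptom above shows up as a `max-age` mismatch while `includeSubDomains` compares equal despite the differing whitespace.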