This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 32%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EF%3C/text%3E%3C/svg%3E)
Hi all,
In my environment, Tenable Nessus Scanner had flagged out the "HSTS Missing From HTTPS Server (RFC 6797)" vulnerability for Microsoft Advanced Threat Analytics ver 1.9.3
I checked the Windows OS installed with ATA, but there is no IIS installed by ATA and am stuck at how to resolve this flagged vulnerability.
Would like to check if anyone else encountered the same flagged vulnerability and did u manage to resolve it? (How?)
Also tried checking for links which may indicate the flagged vulnerability for ATA as a "false positive" but to no avail.
Thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 85%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEO%3C/text%3E%3C/svg%3E)
Hi,
HSTS header is planned to be added to ATA with 1.9 Update 4 planned for later this year.
There is no way for you to manually add it, as this is a self host web server.
Thanks,
Eli