Time and Attendance and HSTS headers

Description of Issue

A client's cybersecurity report on Time and Attendance flagged the application for not sending HSTS headers.

Context
  • Time and Attendance
  • T&A
  • HSTS
  • HTTP
  • HTTPS

Cause

Informational

Resolution

Upgrade to v2024.1.2 via Tyler Deploy to resolve this.

Additional Information

HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure (HTTPS) connections. The HSTS Policy is communicated by the server to the user agent via an HTTP response header field named "Strict-Transport-Security". The HSTS Policy specifies a period of time during which the user agent shall access the server in a secure-only fashion.

When a web application issues HSTS Policy to user agents, conformant user agents behave as follows:
  • Automatically turn any insecure (HTTP) links referencing the web application into secure (HTTPS) links. (For instance, http://example.com/some/page/ will be modified to https://example.com/some/page/ before accessing the server.)
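The user-agent behaviour described above can be modelled in a few lines, which also shows what a scanner is checking for in the header. This is an added example, not code from the product or its vendor; the names parse_hsts and HstsStore and the sample header value are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; return None if it is invalid."""
    seen = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue                      # tolerate empty segments such as a trailing ';'
        if name in seen:
            return None                   # a repeated directive invalidates the header
        seen[name] = val.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                       # max-age is required and must be an integer
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

class HstsStore:
    """Minimal model of a conformant user agent's list of known HSTS hosts."""
    def __init__(self):
        self.hosts = {}                   # host -> (expiry time, include_subdomains)

    def note_response(self, url, hsts_value, now):
        parts = urlsplit(url)
        policy = parse_hsts(hsts_value or "")
        if parts.scheme != "https" or policy is None:
            return                        # the header is ignored on plain HTTP responses
        if policy["max_age"] == 0:
            self.hosts.pop(parts.hostname, None)   # max-age=0 removes the policy
        else:
            self.hosts[parts.hostname] = (now + policy["max_age"],
                                          policy["include_subdomains"])

    def rewrite(self, url, now):
        parts = urlsplit(url)
        if parts.scheme != "http":
            return url
        host = parts.hostname
        for known, (expiry, subs) in self.hosts.items():
            if now < expiry and (host == known or (subs and host.endswith("." + known))):
                netloc = host if parts.port in (None, 80) else f"{host}:{parts.port}"
                return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
        return url

# Constructed sample: the header value and host are illustrative, not taken from the product.
store = HstsStore()
store.note_response("https://example.com/", "max-age=31536000; includeSubDomains", now=0)
print(store.rewrite("http://example.com/some/page/", now=10))
```

The policy only takes effect after the first HTTPS response that carries a valid header, and it lapses once the max-age period has passed without being refreshed.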
