We are following the Security requirements for cloud applications and we are struggling to make the Connect Security Requirements Tester (CSRT) verify the Requirement 1.2 - HSTS Validation. Our application is using Atlassian Connect Spring Boot library and we have implemented a custom request interceptor to add the security header (HSTS) in each request’s response headers. In result, the security header is applied, but the checker tool is still failing.
Have you encountered this problem? Have you managed to solve it? Any opinion is highly appreciated.
Thank you in advance.