HTTP Strict Transport Security (HSTS) in Qlik SenseArticle Number: 000045276 | Last Modified: 2019/09/12
More details about HSTS can be found on https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
- Qlik Sense Enterprise June 2019 release and later
In Qlik Sense, one can add additional HTTP response headers in the Virtual Proxy configuration to enforce HSTS
1. Open the Qlik Sense QMC
2. In the CONFIGURATION SYSTEM section, click on Virtual Proxies
3. Select the Virtual Proxy profile for user access and click on Edit
3. Go to the Advanced section and in the field "Additional response headers"
4. Enter the HSTS configuration setting applicable to your environment. i.e Strict-Transport-Security: max-age=31536000;includeSubDomains;Preload
5. HTTP to HTTPS must be enabled.
For additional information about http to https redirects, see
- How to: Redirect HTTP to HTTPS in Qlik Sense
- Qlik Community: Qlik Sense redirect HTTP to HTTPS
- and feature request Sense Initial URL redirect to /hub (http)
Note: Qlik does NOT support the configuration or implementation of non-Qlik or Operating System related software. The above suggestion is an introduction to this topic, and if it does not work in your particular environment then please reach out internally to your IT team. If you need direct assistance, please contact your Account Owner to discuss purchasing Consulting Services. (see How to Contact the Consulting Team?)
Have a Question?
Search Qlik's Support Knowledge database or request assisted support for highly complex issues.Submit a case
Experiencing a serious issue, please contact us by phone. View phone numbers and hours by region.