Title
#fleet
j

Joe

06/03/2022, 2:13 PM
Hi everyone, is there a way to enable HTTP Strict Transport Security in osquery?
Kathy Satterlee

Kathy Satterlee

06/03/2022, 7:29 PM
Hi, @Joe! Great question. Osquery itself only communicates using https and doesn't interact with the browser directly, so it wouldn't apply on that end. This has definitely sparked conversation with the team about applying HSTS by default to Fleet itself. Please let me know if that doesn't clear things up for you!
j

Joe

06/06/2022, 1:56 PM
@Kathy Satterlee thank you so much for that information. I'm new to osquery and i'm still learning the ins and outs of it so this information is definitely helpful. How are attacks such as SSL stripping mitigated in Osquery?