HSTS Missing From HTTPS Server Error From Prometheus server Metric Port #931
Replies: 3 comments 1 reply
-
The HSTS headers really only make sense if you serve via HTTPS. Quite a few moving parts have to be brought into place to do that. But then again, that's not really Prometheus's concern, but rather a question how you server HTTP(S) in general. If you are creating the HTTP socket just for Prometheus, you might want to look at https://github.com/prometheus/exporter-toolkit , which assists you with creating a stand-alone web app exporting Prometheus metrics (often called an exporter). |
Beta Was this translation helpful? Give feedback.
-
That depends more on how your code serves HTTP(S) and how you set headers than on the fact that you are serving Prometheus metrics. You could just search for other code setting the The way the Prometheus exporter-toolkit is doing it, can be seen here: https://github.com/prometheus/exporter-toolkit/blob/19e732caf179e5deb553a9cb2bb2da983dd0d830/docs/web-configuration.md Ultimately, it's just setting an HTTP header. It really has nothing to do with Prometheus or this repository. |
Beta Was this translation helpful? Give feedback.
-
@beorn7 Seems to have answered the OP's question. However, for those who are here to enable HSTS in Prometheus itself as I was, setting the |
Beta Was this translation helpful? Give feedback.
-
Hey,
We are using prometheus server API and starting metrics server to provide metrics data to prometheus and below lines are from the code that we are working.
http.Handle("/metrics", promhttp.Handler())
server := &http.Server{
Addr: metricsAddr,
}
server.ListenAndServe()
we are using nessus tool to scan the metrics port and it is throwing vulnerability HSTS missing header.
How we can add HSTS header to the server?
Can you help us in resolving the issue ? Any ideas on it ?
Thanks in advance.
Beta Was this translation helpful? Give feedback.
All reactions