HSTS security header is now standard

FlexNet Manager Suite version 2020 R2

Consistent with current security best practice for web-based applications, from the 2020 R2 release, the presentation server for the web interface of FlexNet Manager Suite issues the HSTS header (HTTP Strict Transport Security) with all responses. This header instructs all client web browsers to enforce HTTPS for access to the presentation server.

You are unlikely to see any immediate change in behavior with the HSTS header in place:
  • If you are already using the secure HTTPS protocol to access your presentation server, this access continues without any impact.
  • If you always use the standard HTTP protocol to access the web interface of FlexNet Manager Suite, this will also continue unchanged. The client web browser only enforces HTTPS after the presentation server has been successfully accessed using the HTTPS protocol without any certificate errors.

This latter method of activation means that it is possible to use two different protocols in separate environments. For example:
  • You may enforce security best practice by requiring the HTTPS protocol to access the presentation server in your production environment. A web browser responding to the HSTS header helps you here (for example, it automatically corrects the server URL if it is carelessly entered with the HTTP protocol, and sends the request using the HTTPS protocol).
  • You may have a small test implementation in a less exposed network, for which you have only ever used the HTTP protocol (and, obviously, have not configured any 307 redirects to the HTTPS alternative protocol). The client web browser here continues to function with the standard HTTP protocol, because the HSTS requirement has not been triggered by any successful access using HTTPS.

Using the HTTPS protocol (enforced by the HSTS header response) means that all server security certificates must be kept up to date, because in the event of a future certificate failure, no alternate access to the server is permitted.

FlexNet Manager Suite (On-Premises)

2021 R1