I'm working with a client on their Azure instance to get them PCI compliant. Scans from BeyondSecurity.com continue to come back with
- HSTS Missing From HTTPS Server [site.com:454]
- HSTS Missing From HTTPS Server [site.com:455]
I've already implemented a general HSTS security based on this post: Enable HTTP Strict Transport Security (HSTS) in Azure WebRoles. It's this past part with the 2 ports that, from what I can tell, are some kind of communication port that Azure uses between it's instances.
What can I do to help get these ports to pass the scans? I've seen some stuff about TLS 1.2 fixing this, but I can't find anything to confirm this.
