Is it possible to configure Splunk to support HTTP Strict Transport Security (HSTS)?



We have a requirement from our security team to have Splunk support the HSTS feature. Can this be done?

I have seen configuration for other servers like Apache 2 at

How can we configure the Splunk server to support it?

Please let me know.



In case anyone else is wondering the answer to this question, there is now a way to do this deployment-wide as of version 4.*

Set the following flag globally in $SPLUNK_HOME/etc/system/local/web.conf (under the [settings] stanza) and in $SPLUNK_HOME/etc/system/local/server.conf (in the [default] stanza):

sendStrictTransportSecurityHeader = true

If you want to add custom headers to Splunk, your best bet is probably to front-end Splunk with Apache or Nginx. Also note that if you enable SSL on Splunkweb, there is no non-SSL port.
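
To confirm that the setting took effect after a restart, the response headers can be checked for a usable HSTS policy. The following is an added example, not part of the original thread and not Splunk code: it parses a raw header block and reports problems with the Strict-Transport-Security header. The sample responses are constructed, and the `min_age` threshold of 180 days is an assumed policy value.

```python
import re

def parse_hsts(raw_headers):
    """Return the directives of the first Strict-Transport-Security header, or None."""
    for line in raw_headers.splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            directives = {}
            for part in value.split(";"):
                key, _, val = part.strip().partition("=")
                if key:
                    directives[key.lower()] = val.strip().strip('"')
            return directives                       # RFC 6797: only the first header counts
    return None

def check_hsts(raw_headers, scheme="https", min_age=15552000):
    """Return a list of findings; an empty list means the policy is acceptable."""
    if scheme != "https":
        return ["response was served over plain HTTP; browsers ignore HSTS there"]
    d = parse_hsts(raw_headers)
    if d is None:
        return ["Strict-Transport-Security header is missing"]
    age = d.get("max-age", "")
    if not re.fullmatch(r"\d+", age):
        return ["max-age directive is missing or not an integer"]
    findings = []
    if int(age) == 0:
        findings.append("max-age=0 tells browsers to drop the HSTS policy")
    elif int(age) < min_age:
        findings.append(f"max-age {age} is below the required minimum {min_age}")
    return findings

# Constructed sample responses (not captured from a real Splunk instance)
GOOD = "HTTP/1.1 200 OK\r\nServer: Splunkd\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n"
MISSING = "HTTP/1.1 200 OK\r\nServer: Splunkd\r\nContent-Type: text/html\r\n\r\n"
ZERO = "HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=0\r\n\r\n"

if __name__ == "__main__":
    for label, raw in [("good", GOOD), ("missing", MISSING), ("zero", ZERO)]:
        print(label, check_hsts(raw) or "OK")
```

The header block can be taken from the output of `curl -sI` against the HTTPS URL of Splunk Web or the management port and passed to `check_hsts` as a string.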

