Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Technical Advisory: HTTP Strict-Transport-Security Support

Avatar

Avatar
Ignite 5
Employee
Andrew_Gutierre
Employee

Likes

2 likes

Total Posts

29 posts

Correct Reply

1 solution
Top badges earned
Ignite 5
Ignite 3
Ignite 1
Give Back 5
Give Back 3
View profile

Avatar
Ignite 5
Employee
Andrew_Gutierre
Employee

Likes

2 likes

Total Posts

29 posts

Correct Reply

1 solution
Top badges earned
Ignite 5
Ignite 3
Ignite 1
Give Back 5
Give Back 3
View profile
Andrew_Gutierre
Employee

20-09-2019

Effective October 3, 2019, Audience Manager (AAM) and Experience Cloud ID Services (ECID) will implement support for HTTP Strict-Transport-Security.

HTTP Strict-Transport-Security (HSTS) is a security policy mechanism that helps protect against cookie hijacking and protocol downgrade attacks by not permitting HTTP traffic and transparently upgrading to HTTPS.

This change is being made to improve data security between the client and Adobe edge servers that support AAM and ECID functionality. The release is also a pre-requisite to changes needed for Chrome’s SameSite cookie labeling requirements.

The following changes will be made as part of this release:

  • Redirect all traffic from HTTP to HTTPS
  • Set the “Strict-Transport-Security” header on HTTPS responses
  • Enable “preload” to make non-compliant clients perform a transparent protocol upgrade

After this change, clients with unsecure websites may see an increase in response times due to the backend redirects required to enforce secure communication.

Based on internal analysis, less than 4% of customer traffic will be impacted by this release, however we recommend all customers ensure they are using HTTPS for their site traffic.

We regret any inconvenience this may cause; however, we take security and compliance seriously and feel that the benefits of this change outweigh the costs.

If you have any questions or concerns, please direct them to your account manager or Customer Care teams.

Sincerely,

- Adobe Audience Manager + Identity Service team (ECID)