Affected Versions
This article applies to Universal Type Server 7.0.0 through 7.0.6.
What is HTTP Strict-Transport-Security (HSTS)?
The HTTP Strict-Transport-Security header tells a user agent (a web browser or other client) that a site should only be accessed over an HTTPS connection. A user agent that receives a HSTS header as part of a response will connect to the server again using an HTTPS request.
For a technical explanation of how the Strict-Transport-Security header works, go to the Strict-Transport-Security page at the MDN Web Docs site.
Does Universal Type Server use HSTS headers?
Universal Type Client 7 uses HTTPS connections to pass user authentication requests to the server. Users can connect to the Users and Workgroups Administration application in a web browser over an HTTPS connection.
Universal Type Server 7 sends database updates and fonts over HTTP connections. There is currently no way to have UTS use an HTTPS connection to pass database and font updates, so we have not added HSTS support to UTS 7.
Can I add support for HSTS to Universal Type Server?
Adding support for HSTS headers to UTS 7 by modifying the Apache Tomcat configuration files would cause UTC to be unable to download fonts and database changes from the server. We do not support making those changes at this time.