Vincent,

Many thanks for looking at this. I will first up try and convince the client that the risk is low for this site and see how I go.

Col.


Quote Originally Posted by Vincent Oorsprong View Post
Col,

I looked up HSTS (https://developer.mozilla.org/en-US/...sport-Security) and I doubt this should not be used with webservices. OTOH in v20 we rewrote WebServiceDispatcher from the 'old' webservice handler to the cHTTPHandler class and there it could be an option.