v.21.11 New Features

Enabling HSTS for ClickHouse HTTP Server

HSTS can be enabled for the ClickHouse HTTP server by setting hsts_max_age in the configuration file to a positive number. #29516 (凌涛).
This adds support for HTTP Strict Transport Security (HSTS) in the ClickHouse HTTP server, enabled by configuring the hsts_max_age parameter.

Why it matters

This feature enhances security by allowing the ClickHouse HTTP server to instruct browsers to communicate only over HTTPS for a specified period, preventing protocol downgrades and cookie hijacking.

How to use it

To enable HSTS, set the hsts_max_age parameter to a positive number in the ClickHouse server configuration file under the HTTP server settings. This number defines the duration (in seconds) that browsers should enforce HTTPS.
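One way to confirm the setting took effect is to inspect the response headers the server returns. The following is an added example, not ClickHouse code: the function names, the sample responses and the value 600000 are constructed for illustration, and the directive-name check is a simplification of the RFC 6797 grammar.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns {"max_age": int, "include_subdomains": bool}, or None when the
    value is invalid and a browser would ignore it.
    """
    seen = {}
    for part in value.split(";"):
        name, _, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()  # names are case-insensitive
        if not name and not val:
            continue                                   # empty directive, allowed
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]                            # quoted-string form
        if not re.fullmatch(r"[a-z0-9-]+", name) or name in seen:
            return None                                # bad name or repeated directive
        seen[name] = val
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                                    # max-age is required
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def check_response(scheme, headers, expected_max_age):
    """Return findings for one response; an empty list means it looks right."""
    # Only the first STS header in a response is processed.
    raw = next((v for k, v in headers
                if k.lower() == "strict-transport-security"), None)
    if scheme != "https":
        # Browsers ignore HSTS that arrives over plain HTTP.
        return ["HSTS sent over http is ignored"] if raw is not None else []
    if raw is None:
        return ["no HSTS header on https response"]
    policy = parse_hsts(raw)
    if policy is None:
        return ["malformed HSTS header"]
    if policy["max_age"] == 0:
        return ["max-age=0 tells the browser to drop its HSTS entry"]
    if policy["max_age"] != expected_max_age:
        return ["max-age %d differs from configured %d"
                % (policy["max_age"], expected_max_age)]
    return []

# Constructed sample responses (not captured from a real server).
SAMPLES = [
    ("https", [("Strict-Transport-Security", "max-age=600000")]),
    ("https", [("Content-Type", "text/plain")]),
    ("http", [("Strict-Transport-Security", "max-age=600000")]),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, check_response(scheme, headers, 600000) or "ok")
```

Feed it the scheme and header list from a real request against the server's HTTPS endpoint, with `expected_max_age` set to the configured hsts_max_age.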