HSTS Missing From HTTPS Server

[samgoud]

Hi, we are running websockify using py version 3.9.18,
we got a medium vulnerability reported from nessus scan "HSTS Missing From HTTPS Server"
Suggested Fix from the nessus report was to Configure the remote web server to use HSTS.

am i missing something here while starting the websockify server?

[CendioOssman]

websockify does not have HSTS support. It isn't really designed as a full production-ready web server, so it lacks a bunch of such fancy stuff.

[samgoud]

Any plans of implementing this in upcoming websockify releases?

If I have to implement this in a local copy, can you please help me provide pointers on which files to look at and steps enabling it

[CendioOssman]

Any plans of implementing this in upcoming websockify releases?

No current plans, no.

If I have to implement this in a local copy, can you please help me provide pointers on which files to look at and steps enabling it

You'd need to add a send_header() call somewhere in websocketproxy.py or websocketserver.py with the correct HSTS settings that you want.