A mandatory value for Strict-Transport-Security is missing from the Web.config file for Enterprise Vault Search.

Modify the HTTP response headers for all requests on the Enterprise Vault Search site.

1. Navigate to Program Files (x86) > Enterprise Vault > EVSearch > EVSearchClient.
2. Take a backup of the Web.config file.
3. Open the Web.config file with a text editor, such as Notepad, as an administrator.
4. Add the statement in the  section, as shown below:

        

          

          

          

          

          

          

        

      
5. Save the Web.config file.
6. Refresh the Enterprise Vault Search page.

After making the above mention change, the HTTP header response will include the Strict-Transport-Security value for Enterprise Vault Search, resulting in a secure communication.

Note: This technical article is only applicable to Version 14.0 and prior versions of Enterprise Vault.

This issue has been addressed in EV 12.5.3 and is slated to be addressed in EV 14.0.1 and 14.1.