Description

The GUI of older versions of eDiscovery Platform (eDP) was not secure using HTTP on port 80.  The newer versions of eDP should all be using HTTPS and with a valid certificate.  The move to secure the EDP appliance more, introduced HSTS.  The settings can be viewed in D:\CW\Vxxx\config\templates\tomcat\web.xml file.  Figure 1 is the web.xml displaying HSTS is configured and enabled.

Figure 1.

However, to check an actively running website like eDP, it is better to use developer tools in the browser, try to use the same address but start with HTTP:// instead of HTTPS://.  Go to the Network tab in developer tools, scroll to the top for the very first response, select that response, and then look for the HSTS flag in the header.  Figure 2 is an image demonstrating how this should look. The highlighted HSTS is the response to look for. 

Figure 2.

This method can be used to check any website for compliance with RFC 6797.