On April 5, new security headers will be added to all HTTPS responses from Cvent’s SOAP API. No interruption is expected. However, customers are advised to review their applications to ensure that they are not rejecting responses with these headers.
The new headers are :
- Cache-Control: no-cache, no-store, must-revalidate
- Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
The changes are currently available in the Cvent Sandbox region for your testing.
Customers are advised to use HTTPS going forward, and future support for HTTP will be deprecated at the end of 2022.
More information about these changes can be found here: https://https.cio.gov/hsts/