| Details | |
|---|---|
| Alert ID | 10035-2 |
| Alert Type | Passive |
| Status | release |
| Risk | Low |
| CWE | 319 |
| WASC | 15 |
| Technologies Targeted | All |
| Tags |
CWE-319 OWASP_2017_A06 OWASP_2021_A05 |
| More Info |
Scan Rule Help |
Summary
A HTTP Strict Transport Security (HSTS) header was found, but it contains the directive max-age=0 which disables the control and instructs browsers to reset any previous HSTS related settings. See RFC 6797 for further details. HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).