Details | |
---|---|
Alert ID | 10035-3 |
Alert Type | Passive |
Status | release |
Risk | Low |
CWE | 319 |
WASC | 15 |
Technologies Targeted | All |
Tags | CWE-319 OWASP_2017_A06 OWASP_2021_A05 |
More Info | Scan Rule Help |
Summary
Multiple HTTP Strict Transport Security (HSTS) headers were found. A response carrying more than one HSTS header entry is not compliant with the specification (RFC 6797): user agents process only the first HSTS header and ignore the others, so the HSTS policy the server intended may be applied incorrectly. HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).
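The following is an added example of the passive check described above, written for this page and not ZAP's own rule code. It parses a raw HTTP response head while preserving repeated header fields (a plain dictionary would silently collapse them), counts the Strict-Transport-Security entries, and reports which policy a compliant user agent actually ends up with, since RFC 6797 says only the first entry is processed. The two sample responses are constructed; the scenario of a reverse proxy and a backend each adding their own header is an assumed cause, chosen because it illustrates why the effective policy can be the weaker one.

```python
"""Passive check for duplicate Strict-Transport-Security headers.

Added example for this alert page; not ZAP's own implementation.
It parses a raw HTTP response (head only), collects every STS field in
order, and reports the finding the way a passive scanner would, including
which entry a compliant user agent honours (RFC 6797: only the first).
"""
from typing import Dict, List, Optional, Tuple

HSTS_NAME = "strict-transport-security"


def parse_headers(raw_response: str) -> List[Tuple[str, str]]:
    """Split a raw HTTP/1.1 response head into (name, value) pairs.

    Order and duplicates are preserved on purpose: the whole point of the
    check is to notice a repeated field, which a dict would hide.
    """
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:  # lines[0] is the status line
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def parse_hsts_directives(value: str) -> Dict[str, Optional[str]]:
    """Parse 'max-age=31536000; includeSubDomains; preload' into a dict.

    Directive names are case-insensitive; valueless directives map to None.
    """
    directives: Dict[str, Optional[str]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') or None
    return directives


def check_hsts(raw_response: str) -> dict:
    """Return a finding for one response.

    count     - number of STS fields present
    multiple  - True when the response would trigger this alert
    effective - directives of the first STS field (the one a UA processes)
    ignored   - raw values of every later STS field, which UAs discard
    """
    sts_values = [v for n, v in parse_headers(raw_response) if n == HSTS_NAME]
    return {
        "count": len(sts_values),
        "multiple": len(sts_values) > 1,
        "effective": parse_hsts_directives(sts_values[0]) if sts_values else None,
        "ignored": sts_values[1:],
    }


# Constructed sample (assumed scenario): a reverse proxy and the backend both
# added HSTS with different policies. Only the first, weaker one takes effect.
DUPLICATE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n"
    "\r\n"
    "<html></html>"
)

# Constructed sample: a single, well-formed HSTS header, no alert.
CLEAN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
    "<html></html>"
)


if __name__ == "__main__":
    for label, resp in (("duplicate", DUPLICATE_RESPONSE), ("clean", CLEAN_RESPONSE)):
        finding = check_hsts(resp)
        print(label, "->", "ALERT" if finding["multiple"] else "ok", finding)
```

The `ignored` list is what makes the finding actionable: in the constructed duplicate response the long-lived `max-age` with `includeSubDomains` and `preload` is exactly the entry the browser throws away, so the remediation is to make one layer (proxy or application) the sole owner of the header rather than to "strengthen" the second copy.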