Details
Alert ID 10035-8
Alert Type Passive
Status release
Risk Low
CWE 319
WASC 15
Technologies Targeted All
Tags CWE-319
OWASP_2017_A06
OWASP_2021_A05
POLICY_PENTEST
POLICY_QA_STD
SYSTEMIC
More Info Scan Rule Help

Summary

A HTTP Strict Transport Security (HSTS) header was found, but it contains some content that was not expected (perhaps curly quotes), the expectation is that the content be printable ASCII characters.

Solution

Review the configuration of this control. Ensure that your web server, application server, load balancer, etc. is configured to set Strict-Transport-Security with appropriate content.

Other Info

References

Code

org/zaproxy/zap/extension/pscanrules/StrictTransportSecurityScanRule.java