Details | |
---|---|
Alert Id | 10035 |
Alert Type | Passive |
Status | release |
Risk | |
CWE | |
WASC | |
Technologies Targeted | All |
Tags |
OWASP_2017_A06 OWASP_2021_A05 |
Summary
HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.
Solution
Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.Other Info
References
- https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html
- https://owasp.org/www-community/Security_Headers
- http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
- http://caniuse.com/stricttransportsecurity
- http://tools.ietf.org/html/rfc6797