HTTP Strict Transport Security (HSTS) via HTTP
Severity: Information
Summary
HTTP Strict Transport Security header is sent via an HTTP response which must be sent in HTTPS responses instead.
Impact
Web browsers will ignore the HSTS implementation and the users will not be able to take advantage of HSTS. This renders the HSTS implementation useless. Not having HSTS will make MITM attacks easier for attackers.
Classifications
OWASP PC-C10
Vulnerability Index
You can search and find all vulnerabilities
Select Category
OR
Search Vulnerability
