HTTP Strict Transport Security (HSTS) via HTTP

Summary

HTTP Strict Transport Security header is sent via an HTTP response which must be sent in HTTPS responses instead.

Impact

Web browsers will ignore the HSTS implementation and the users will not be able to take advantage of HSTS. This renders the HSTS implementation useless. Not having HSTS will make MITM attacks easier for attackers.

Classifications

OWASP PC-C10

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Critical
High
Medium
Low
Information

Search Vulnerability

Related Vulnerabilities

Code Evaluation via Local File Inclusion (PHP)
Code Execution via File Upload
Code Execution via WebDAV
HTTP Header Injection
Passive Mixed Content over HTTPS

;

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO

HTTP Strict Transport Security (HSTS) via HTTP

NETSPARKER

USE CASES

WEB SECURITY

COMPANY

Netsparker Ltd