
HTTP Strict Transport Security (HSTS) Invalid Max-Age Value Detected on Target Web Application

The HTTP Strict Transport Security (HSTS) header's max-age value is invalid or not in the accepted range.

Remedy

Set max-age to a large value such as 31536000 (12 months) or 63072000 (24 months).
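
To verify a deployed header against this remedy, the following added example (not Netsparker's own check) parses a Strict-Transport-Security value using the RFC 6797 directive syntax and reports why a max-age is rejected. The function name `check_hsts` and the 12-month floor are assumptions, since the page does not define its accepted range.

```python
import re

# Assumption: the page does not state its "accepted range"; this floor reuses
# the smaller of the two values recommended in the remedy (12 months).
MIN_MAX_AGE = 31536000

def check_hsts(header_value, min_max_age=MIN_MAX_AGE):
    """Return (ok, reason) for a Strict-Transport-Security header value."""
    seen = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue  # RFC 6797 permits empty directives between semicolons
        name, sep, value = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            return False, f"duplicate directive: {name}"
        seen[name] = value.strip() if sep else None
    if "max-age" not in seen:
        return False, "max-age directive missing"
    raw = seen["max-age"]
    if raw is None:
        return False, "max-age has no value"
    # RFC 6797 allows the value to be written as a quoted-string
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        raw = raw[1:-1]
    # delta-seconds is 1*DIGIT: ASCII digits only, no sign, no decimals
    if not re.fullmatch(r"[0-9]+", raw):
        return False, f"max-age is not a non-negative integer: {raw!r}"
    seconds = int(raw)
    if seconds == 0:
        return False, "max-age=0 tells the browser to drop the HSTS policy"
    if seconds < min_max_age:
        return False, f"max-age {seconds} is below the floor {min_max_age}"
    return True, f"max-age {seconds} ok"

# Constructed sample header values (not taken from a real scan)
SAMPLES = [
    "max-age=63072000; includeSubDomains",
    'max-age="31536000"',
    "max-age=300",
    "max-age=-1",
    "includeSubDomains",
    "max-age=31536000; max-age=0",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {check_hsts(sample)}")
```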
