
HTTP Strict Transport Security (HSTS) Via HTTP Identified on Target Web Application

The HTTP Strict Transport Security (HSTS) header is sent in an HTTP response; it must be sent in HTTPS responses instead.

Impact

Web browsers ignore an HSTS header that arrives over plain HTTP, so users get no benefit from it. This renders the HSTS implementation useless. Without HSTS, MITM attacks are easier for attackers.
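The check described above can be reproduced against your own responses. The following is an added example, not Netsparker's code: the function names, verdict strings and sample responses are constructed for illustration, and the header parsing follows the directive syntax in RFC 6797.

```python
import re

# RFC 6797 section 6.1: directives are separated by ";", names are
# case-insensitive, and max-age is required with a non-negative integer value.
def parse_hsts(value):
    """Return (max_age, include_subdomains), or None if the header is invalid."""
    directives = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in directives:          # a repeated directive invalidates the header
            return None
        directives[name] = arg.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", max_age):
        return None
    return int(max_age), "includesubdomains" in directives

def classify(scheme, headers):
    """Classify one response from its URL scheme and a dict of response headers."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return "hsts-missing" if scheme == "https" else "ok-no-hsts-on-http"
    if scheme != "https":
        # The condition this check reports: browsers ignore the header here.
        return "hsts-sent-over-http"
    parsed = parse_hsts(value)
    if parsed is None:
        return "hsts-invalid"
    return "hsts-disabled" if parsed[0] == 0 else "hsts-effective"

# Constructed sample responses (not taken from a real scan).
SAMPLES = [
    ("http",  {"Strict-Transport-Security": "max-age=31536000"}),
    ("https", {"strict-transport-security": "max-age=31536000; includeSubDomains"}),
    ("https", {"Content-Type": "text/html"}),
    ("https", {"Strict-Transport-Security": "includeSubDomains"}),
    ("https", {"Strict-Transport-Security": "max-age=0"}),
]

def run():
    return [classify(scheme, headers) for scheme, headers in SAMPLES]

if __name__ == "__main__":
    for (scheme, headers), verdict in zip(SAMPLES, run()):
        print(scheme, headers, "->", verdict)
```

The fix for a `hsts-sent-over-http` verdict is to emit the header only from the HTTPS listener and have the HTTP listener answer with a redirect to HTTPS.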
