| Details | |
|---|---|
| Alert ID | 10035-1 |
| Alert Type | Passive |
| Status | release |
| Risk | Low |
| CWE | 319 |
| WASC | 15 |
| Technologies Targeted | All |
| Tags |
CWE-319 OWASP_2017_A06 OWASP_2021_A05 |
| More Info |
Scan Rule Help |
Summary
HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.
Solution
Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.Other Info
References
- https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html
- https://owasp.org/www-community/Security_Headers
- https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
- https://caniuse.com/stricttransportsecurity
- https://datatracker.ietf.org/doc/html/rfc6797