Strict-Transport-Security Header is Missing
Impact: Low
Description
The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP. Mozilla
Recommendation
Configure your server to send this header for all pages. You can see references for possible values.
References
👉 You might also like:
Content-Security-Policy Header is Missing - Vulnerability
Public-Key-Pins Header is Set - Vulnerability
Referrer-Policy Header is Missing - Vulnerability
X-Content-Type-Options Header is Missing - Vulnerability
Last updated on February 15, 2021