Strict-Transport-Security Defined via META (Non-compliant with Spec)
- Risk: Low
- Type: Passive
- CWE: 319
- Summary: An HTTP Strict Transport Security (HSTS) META tag was found. Defining HSTS via a META tag is explicitly not supported by the spec (RFC 6797).
- Solution: Do not attempt to set HTTP Strict Transport Security (HSTS) via a META tag.
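
A minimal passive check for this condition, added here as an illustration and not taken from the original page or any scanner's rule code. The function name `check_hsts_meta`, the finding fields and the sample responses are assumptions constructed for the example; it also records whether the real response header is present, since that is the only form RFC 6797 defines.

```python
from html.parser import HTMLParser

HSTS = "strict-transport-security"


class MetaHSTSFinder(HTMLParser):
    """Collects content= values of <meta http-equiv="Strict-Transport-Security">."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("http-equiv", "").strip().lower() == HSTS:
            self.hits.append(a.get("content", ""))


def check_hsts_meta(headers, body):
    """Return a finding dict if the HTML body declares HSTS via META, else None.

    headers: mapping of response header names to values
    body:    response body as text
    """
    finder = MetaHSTSFinder()
    finder.feed(body)
    finder.close()
    if not finder.hits:
        return None
    # Header names are case-insensitive, so compare lowercased.
    header_value = next((v for k, v in headers.items() if k.lower() == HSTS), None)
    return {
        "meta_values": finder.hits,                   # ignored by browsers
        "header_present": header_value is not None,   # the form the spec defines
        "header_value": header_value,
    }


# Constructed sample responses (not captured from a real site).
SAMPLE_META = ('<html><head><META HTTP-EQUIV="Strict-Transport-Security" '
               'content="max-age=31536000"></head><body></body></html>')
SAMPLE_COMMENTED = ('<html><head><!-- <meta http-equiv="Strict-Transport-Security" '
                    'content="max-age=31536000"> --></head></html>')

if __name__ == "__main__":
    print(check_hsts_meta({"Content-Type": "text/html"}, SAMPLE_META))
```

A finding with `header_present` set to `False` means the site has no effective HSTS policy at all; with `True`, the META tag is redundant and should simply be removed.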