Strict-Transport-Security Defined via META (Non-compliant with Spec)

  • Risk: Low
  • Type: Passive

Summary

An HTTP Strict Transport Security (HSTS) META tag was found. Defining HSTS via a META tag is explicitly not supported by the spec (RFC 6797).

Solution

Do not attempt to set HTTP Strict Transport Security (HSTS) via a META tag.
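
The check described above can be reproduced offline. The following is an added example, not the scanner's own code: it flags HSTS META tags in a response body and reports whether the response also carries the Strict-Transport-Security header field. The names MetaHstsFinder and check_response and the sample page are assumptions made for this illustration.

```python
from html.parser import HTMLParser

HSTS = "strict-transport-security"

# Constructed sample page: one commented-out tag (ignored) and one live META tag.
SAMPLE_BODY = """<!doctype html>
<html><head>
<!-- <meta http-equiv="Strict-Transport-Security" content="max-age=1"> -->
<META HTTP-EQUIV="Strict-Transport-Security" CONTENT="max-age=31536000; includeSubDomains" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head><body>ok</body></html>
"""


class MetaHstsFinder(HTMLParser):
    """Collects every <meta http-equiv="Strict-Transport-Security"> element."""

    def __init__(self):
        super().__init__()
        self.hits = []  # (line, column, content attribute)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        if tag != "meta":
            return
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("http-equiv", "").strip().lower() == HSTS:
            line, col = self.getpos()
            self.hits.append((line, col, attr.get("content", "")))


def check_response(headers, body):
    """Passive check of one response (headers: dict, body: HTML text)."""
    finder = MetaHstsFinder()
    finder.feed(body)
    finder.close()
    header_present = any(name.lower() == HSTS for name in headers)
    return {
        "meta_tags": finder.hits,          # raise the alert if non-empty
        "header_present": header_present,  # the form RFC 6797 defines
        # META tag without the header: this response sets no HSTS policy.
        "no_policy": bool(finder.hits) and not header_present,
    }


if __name__ == "__main__":
    print(check_response({"Content-Type": "text/html"}, SAMPLE_BODY))
```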

References

https://datatracker.ietf.org/doc/html/rfc6797#section-8.5