Strict-Transport-Security Defined via META (Non-compliant with Spec)

Home/Alerts/Alert detail/

Risk:
Low

Type:
Passive

CWE:
CWE-319

Summary: A HTTP Strict Transport Security (HSTS) META tag was found, defining HTTP Strict Transport Security (HSTS) via a META tag is explicitly not supported by the spec (RFC 6797).

Solution: Do not attempt to set HTTP Strict Transport Security (HSTS) via a META tag.

References: https://datatracker.ietf.org/doc/html/rfc6797#section-8.5

Latest Security News

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

CWE top 25 most dangerous software weaknesses

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

Common Alerts

HighSQL Injection

MediumApplication Error Disclosure via WebSockets

LowDangerous JS Functions

MediumCSP: style-src unsafe-hashes

LowPermissions Policy Header Not Set

LowStrict-Transport-Security Max-Age Malformed (Non-compliant with Spec)

InformationalCharset Mismatch

LowStrict-Transport-Security Missing Max-Age (Non-compliant with Spec)

InformationalVerification Request Identified

HighSource Code Disclosure - Git

Latest CVE List

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

CVE-2024-43451 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

Common CWEs

HighCWE-640 Weak Password Recovery Mechanism for Forgotten Password

CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG)

CWE-125 Out-of-bounds Read

LowCWE-324 Use of a Key Past its Expiration Date

CWE-763 Release of Invalid Pointer or Reference

CWE-363 Race Condition Enabling Link Following

CWE-458 DEPRECATED: Incorrect Initialization

LowCWE-296 Improper Following of a Certificate's Chain of Trust

CWE-1074 Class with Excessively Deep Inheritance

HighCWE-643 Improper Neutralization of Data within XPath Expressions ('XPath Injection')

Free security scan for your website

Don't show website scan report rating on the leaderboard