logo

Strict-Transport-Security Malformed Content (Non-compliant with Spec)

  • Risk:
  • Low

  • Type:
  • Passive
Summary

A HTTP Strict Transport Security (HSTS) header was found, but it contains some content that was not expected (perhaps curly quotes), the expectation is that the content be printable ASCII characters.

Solution

Review the configuration of this control. Ensure that your web server, application server, load balancer, etc. is configured to set Strict-Transport-Security with appropriate content.

References

https://datatracker.ietf.org/doc/html/rfc6797

Free security scan for your website