
Strict-Transport-Security Malformed Content (Non-compliant with Spec)

  • Risk: Low
  • Type: Passive
Summary
An HTTP Strict Transport Security (HSTS) header was found, but its value contains content that was not expected (for example curly quotes). RFC 6797 restricts the header's directives to printable ASCII characters, so any character outside that range makes the header malformed and may cause browsers to ignore it.
Solution
Review the configuration of this control. Ensure that your web server, application server, load balancer, etc., is configured to set Strict-Transport-Security with appropriate content (printable ASCII only, with a valid max-age directive).
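The following is an added example, not the scanner's own rule implementation: a small Python checker that applies the condition described above (every character must be printable ASCII) and then parses the directives per RFC 6797, flagging a missing or non-numeric max-age and duplicate directives. The sample header values, including the curly-quote case, are constructed for this example; the function names are ours.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample header values for this example (not taken from the page or any real site).
SAMPLE_HEADERS = {
    "good":        "max-age=31536000; includeSubDomains; preload",
    "curly_quote": "max-age=\u201c31536000\u201d",   # Unicode curly quotes, outside ASCII
    "control":     "max-age=31536000\x00",           # embedded NUL control character
    "no_max_age":  "includeSubDomains",
    "duplicate":   "max-age=300; max-age=600",
}

# RFC 6797 directive grammar (simplified): name [ "=" ( token | quoted-string ) ].
# Assumption: quoted values that themselves contain ';' are not handled, since we split on ';' first.
_TOKEN = r"[A-Za-z0-9!#$%&'*+\-.^_`|~]+"
_DIRECTIVE_RE = re.compile(r'^\s*(' + _TOKEN + r')\s*(?:=\s*("?)([^;"]*)\2)?\s*$')


def find_non_printable_ascii(value: str) -> List[Tuple[int, str]]:
    """Return (offset, 'U+XXXX') for every character outside printable ASCII (0x20..0x7E).

    This is exactly the condition the alert describes: any hit makes the header malformed.
    """
    return [(i, "U+%04X" % ord(ch)) for i, ch in enumerate(value) if not 0x20 <= ord(ch) <= 0x7E]


def check_hsts(value: str) -> List[str]:
    """Return a list of findings for a Strict-Transport-Security value; an empty list means compliant."""
    findings: List[str] = []

    bad = find_non_printable_ascii(value)
    if bad:
        findings.append("non-printable-ASCII characters at %s" % bad)
        return findings  # stop here: the directive parse below cannot be trusted

    seen: Dict[str, Optional[str]] = {}
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue  # RFC 6797 permits empty directives ("; ;")
        m = _DIRECTIVE_RE.match(directive)
        if m is None:
            findings.append("malformed directive %r" % directive)
            continue
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in seen:
            findings.append("duplicate directive %r" % name)  # a directive MUST NOT appear twice
        seen[name] = m.group(3)

    if "max-age" not in seen:
        findings.append("missing required max-age directive")
    elif seen["max-age"] is None or re.fullmatch(r"[0-9]+", seen["max-age"]) is None:
        findings.append("max-age value %r is not delta-seconds" % seen["max-age"])
    return findings


if __name__ == "__main__":
    for label, hdr in SAMPLE_HEADERS.items():
        result = check_hsts(hdr)
        print("%-12s %s" % (label, "OK" if not result else "; ".join(result)))
```

To apply it to a live configuration, feed `check_hsts` the raw value of the Strict-Transport-Security line from your server's response (for instance from the output of `curl -sI` against your own host) before and after changing the configuration; the offset and code point reported by `find_non_printable_ascii` point straight at the stray character, which is usually a quote pasted from a document editor.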
References

https://datatracker.ietf.org/doc/html/rfc6797
