Strict-Transport-Security Malformed Content (Non-compliant with Spec)

Risk:
Low

Type:
Passive

CWE:
CWE-319

Summary: A HTTP Strict Transport Security (HSTS) header was found, but it contains some content that was not expected (perhaps curly quotes), the expectation is that the content be printable ASCII characters.

Solution: Review the configuration of this control. Ensure that your web server, application server, load balancer, etc. is configured to set Strict-Transport-Security with appropriate content.

References: https://datatracker.ietf.org/doc/html/rfc6797

Free security scan for your website

Don't show website scan report rating on the leaderboard