HTTP Strict Transport Security (HSTS) not implemented


During the scan, Kayran found that the HTTP Strict Transport Security (HSTS) header is not being sent. The Strict-Transport-Security response header is an opt-in security enhancement that a web application enables by including this special response header.
HSTS prevents browsers from sending insecure HTTP traffic to the specified domain: once a browser has received the policy, it will only communicate with that domain over HTTPS.

An attacker could exploit this weakness to perform man-in-the-middle (MITM) attacks.
This vulnerability could lead to a loss of confidentiality and more.


CVSS Version 3.x – 3.1 Low


It is recommended to configure the web server so that it always sends the following HTTP header in all server responses:
Strict-Transport-Security: max-age=31536000
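To verify the fix, a practitioner wants more than a presence check: the header must parse per RFC 6797 (a mandatory max-age directive, optional includeSubDomains and preload, case-insensitive names, no duplicates), and a max-age that is too short or zero gives little protection. The following Python is an added example written for this page; it is not Kayran's scanner code, and the sample response headers in it are constructed, not captured from any real site. The function names parse_hsts and assess_hsts are this example's own.

```python
"""Parse and evaluate Strict-Transport-Security response headers.

Added example for this page; not Kayran's scanner code. The sample
headers at the bottom are constructed, not taken from a real scan.
"""
import re
from typing import Optional

# RFC 6797 directive grammar: name [ "=" value ], directives separated by ";"
_DIRECTIVE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*(?:=\s*("?)([^";]*)\2)?\s*$')

ONE_YEAR = 31536000  # max-age value the page recommends (seconds)


def parse_hsts(value: str) -> Optional[dict]:
    """Return the policy as a dict, or None if the header is malformed.

    Keys: max_age (int), include_subdomains (bool), preload (bool).
    Directive names are case-insensitive; max-age is mandatory and a
    repeated directive makes the whole header invalid.
    """
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for raw in value.split(";"):
        if not raw.strip():
            continue
        m = _DIRECTIVE.match(raw)
        if not m:
            return None
        name = m.group(1).lower()
        if name in seen:
            return None
        seen.add(name)
        if name == "max-age":
            if m.group(3) is None or not m.group(3).isdigit():
                return None
            policy["max_age"] = int(m.group(3))
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
        # unrecognised directives are ignored, as the RFC requires
    if policy["max_age"] is None:
        return None
    return policy


def assess_hsts(headers: dict) -> list:
    """Return a list of findings for a response's headers; [] means fine.

    `headers` maps header names (any case) to values, e.g. the .headers
    of an HTTP client response object.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        return ["HSTS header not implemented"]
    policy = parse_hsts(value)
    if policy is None:
        return ["HSTS header present but malformed; browsers will ignore it"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 disables HSTS for this host")
    elif policy["max_age"] < ONE_YEAR:
        findings.append("max-age below one year (%d < %d)" % (policy["max_age"], ONE_YEAR))
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains not set; subdomains stay reachable over plain HTTP")
    return findings


if __name__ == "__main__":
    # Constructed sample responses, not real scan data
    samples = {
        "missing": {"Content-Type": "text/html"},
        "weak": {"Strict-Transport-Security": "max-age=300"},
        "good": {"strict-transport-security": "max-age=31536000; includeSubDomains"},
    }
    for label, hdrs in samples.items():
        print(label, assess_hsts(hdrs) or ["ok"])
```

Run the check against the HTTPS origin: browsers only honour Strict-Transport-Security on responses received over TLS, so a header that is emitted only on the plain-HTTP listener does nothing.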

