internetstandards / Internet.nl

Internet standards compliance test suite
https://internet.nl

HSTS test fail #871

Open dennisbaaten opened 1 year ago

dennisbaaten commented 1 year ago

For reasons which are at the moment unclear, the HSTS header on https://cursus.formulierenserver.nl is not detected: https://internet.nl/site/cursus.formulierenserver.nl/1917990/#control-panel-10.

A quick look by @mxsasha seems to point out that the problem occurs before the HSTS test, which causes Internet.nl to skip the HSTS test. It requires more research to uncover the root cause.

bwbroersma commented 1 year ago

It is a 404 result BTW. I just checked another subdomain listed in the Content-Security-Policy, and got:

No HTTPS (63%): https://internet.nl/site/beheer.formulierenserver.nl/1928804/#sitetls

HTTPS (94%): https://internet.nl/site/beheer.formulierenserver.nl/1928808/#sitetls

Either the domain or the test is unstable.

dennisbaaten commented 1 year ago

I didn't test for it, but this could have been caused by a form of rate limiting. When I tested the domain, the TLS test was successful, but with a false negative on the HSTS header.