Closed x0341 closed 10 months ago
Hello,
😉 Thanks for the issue.
📖 The validator is aligned with the recommendation from the OSHP. Regarding HTTP headers security, it is the OSHP that is the "official" OWASP reference, not the CSS project:
💡 By the way, when you check the HSTS page of the CSS project, it matches our value:
📍 We (@riramar and I) do not specify the preload option by default, because it has important implications and it is only applicable to sites exposed on the Internet.
📡 We already asked the CSS project to sync its content with the OSHP project for HTTP headers security content.
🤝 Feel free to reach us if you have any questions.
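As an added illustration of the point made above (not code from the OSHP project or the CSS), here is a small checker that parses a `Strict-Transport-Security` value and only treats `preload` as acceptable when the host is Internet-facing; the minimum `max-age` used is an assumption, not a value taken from this thread.

```python
# Assumed minimum max-age (one year); this threshold is NOT stated in the thread.
MIN_MAX_AGE = 31536000


def parse_hsts(value):
    """Parse a Strict-Transport-Security header into a dict of directives.

    Directive names are lower-cased; valueless directives map to True.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') if val else True
    return directives


def check_hsts(value, internet_facing):
    """Return a list of findings for an HSTS header value.

    `internet_facing` decides whether a `preload` directive is appropriate:
    preload only makes sense for hosts reachable from the Internet, and it
    commits the host and its subdomains to HTTPS for a long time.
    """
    d = parse_hsts(value)
    findings = []
    max_age = d.get("max-age")
    age_ok = isinstance(max_age, str) and max_age.isdigit() and int(max_age) >= MIN_MAX_AGE
    if not isinstance(max_age, str) or not max_age.isdigit():
        findings.append("missing or malformed max-age")
    elif not age_ok:
        findings.append(f"max-age {max_age} below assumed minimum {MIN_MAX_AGE}")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set")
    if "preload" in d:
        if not internet_facing:
            findings.append("preload set on a host that is not Internet-exposed")
        elif "includesubdomains" not in d or not age_ok:
            findings.append("preload requires includeSubDomains and a long max-age")
    return findings
```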
Expected behavior An alignment between this validator and the OWASP public recommendations.
See here:
Used by OSHP validator: https://raw.githubusercontent.com/OWASP/www-project-secure-headers/master/ci/headers_add.json
OWASP recommendations: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#recommendation_6
Additional context Recommendations of OSHP-validator should be aligned with the "official" OWASP recommendations here: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#recommendation_6