ziontavera / cyberchief-test-scan


Strict-Transport-Security Header Not Set #8

Open ziontavera opened 4 months ago

ziontavera commented 4 months ago

Workspace:

Default

Description:

HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.

Vulnerability Resolution:

Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.

Evidence:

Affected Info:

Affected URL:

https://demo.testfire.net/index.jsp?content=personal_investments.htm

https://demo.testfire.net/index.jsp?content=personal_cards.htm

https://demo.testfire.net/index.jsp?content=personal_loans.htm

https://demo.testfire.net/feedback.jsp

https://demo.testfire.net/sitemap.xml