hsts-not-enabled
The app does not contain production configurations to enable HTTP Strict Transport Security (HSTS).
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A02:2021 - Cryptographic Failures