Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
SSL/TLS: Check for `max-age` Attribute in HSTS Header
Information
Severity
Severity
Informational
Family
Family
SSL and TLS
CVSSv2 Base
CVSSv2 Base
0.0
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:M/Au:N/C:N/I:N/A:N
Solution Type
Solution Type
Workaround
Created
Created
6 years ago
Modified
Modified
6 years ago
Summary
The remote HTTPS Server is using a too low value within the 'max-age' attribute in the HSTS header.
Solution
Solution
The minimum value to get added to the HSTS preload lists of Google Chrome is 18 weeks (10886400 seconds). The value should aim towards 6 months (15768000 seconds) but heavily depends on your deployment scenario.