TWA 0202
Jorge Vallecillo edited this page Aug 2, 2020
"Strict-Transport-Security max-age is less than 6 months"
Strict-Transport-Security headers are cached by the user's browser. Serving an STS header with a short duration means that more users are susceptible to downgrade attacks. If a user visits your website once over HTTP, their browser should receive the redirect and cache the STS header for at least 6 months.
Set the Strict-Transport-Security header's max-age parameter to at least 6 months (15778800 seconds).
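One way to check a response against this threshold, as an added example (not code from the twa project). The function names `hsts_max_age` and `check_hsts` are hypothetical, and the sample headers are constructed.

```python
import re

SIX_MONTHS = 15778800  # threshold from this page: 6 months, in seconds


def hsts_max_age(header_value):
    """Return max-age in seconds from an STS header value, or None if absent/invalid."""
    for directive in header_value.split(";"):
        name, sep, value = directive.partition("=")
        # Directive names are case-insensitive (RFC 6797).
        if name.strip().lower() != "max-age" or not sep:
            continue
        value = value.strip()
        # The value may be a bare token or a quoted-string.
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        # Only plain digits are valid delta-seconds; reject "+5", "1e9", "".
        return int(value) if re.fullmatch(r"[0-9]+", value) else None
    return None


def check_hsts(headers):
    """Evaluate a dict of HTTPS response headers against the 6-month rule."""
    sts = next((v for k, v in headers.items()
                if k.lower() == "strict-transport-security"), None)
    if sts is None:
        return "FAIL: Strict-Transport-Security missing"
    age = hsts_max_age(sts)
    if age is None:
        return "FAIL: no valid max-age"
    if age < SIX_MONTHS:
        return f"FAIL: max-age {age} is less than 6 months"
    return "PASS"


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real site.
    samples = [
        {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
        {"strict-transport-security": "max-age=86400"},
        {"Strict-Transport-Security": 'includeSubDomains; MAX-AGE="15778800"'},
        {"Strict-Transport-Security": "includeSubDomains"},
        {"Content-Type": "text/html"},
    ]
    for headers in samples:
        print(headers, "->", check_hsts(headers))
```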