nuclei-templates/miscellaneous/missing-hsts.yaml

id: missing-hsts
info:
  name: Strict Transport Security Not Enforced
  author: Dawid Czarnecki
  severity: info
  description: Checks if the HSTS is enabled by looking for Strict Transport Security response header.
  tags: misc,generic

requests:
  - method: GET
    path:
      - '{{BaseURL}}'
    redirects: true
    matchers:
      - type: dsl
        dsl:
          - '!contains(tolower(all_headers), ''strict-transport-security'')'
Create missing-hsts 2020-09-07 19:13:53 +00:00			`id: missing-hsts`
			`info:`
typofix 2021-03-17 01:43:30 +00:00			`name: Strict Transport Security Not Enforced`
Create missing-hsts 2020-09-07 19:13:53 +00:00			`author: Dawid Czarnecki`
file update 2020-09-08 07:23:49 +00:00			`severity: info`
Added more tags 2021-04-01 18:35:08 +00:00			`description: Checks if the HSTS is enabled by looking for Strict Transport Security response header.`
Update missing-hsts.yaml 2021-08-11 07:58:55 +00:00			`tags: misc,generic`
Added more tags 2021-04-01 18:35:08 +00:00
Create missing-hsts 2020-09-07 19:13:53 +00:00			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}'`
			`redirects: true`
			`matchers:`
			`- type: dsl`
			`dsl:`
typofix 2021-03-17 01:43:30 +00:00			`- '!contains(tolower(all_headers), ''strict-transport-security'')'`