nuclei-templates/misc/missing-hsts.yaml


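# Informational check: reports a target when no Strict-Transport-Security
# (HSTS) header name appears anywhere in the response headers.
#
# Reading a hit:
#   - Browsers honour HSTS only when it arrives over HTTPS, so a hit on an
#     http:// target that never reaches HTTPS points at missing TLS
#     enforcement rather than at a missing header alone.
#   - The matcher has no status-code condition, so error pages and other
#     non-200 responses are reported too.
id: missing-hsts

info:
  name: Strict Transport Security Not Enforced
  author: Dawid Czarnecki
  severity: info
  description: Checks if the HSTS is enabled by looking for Strict Transport Security
    response header.

requests:
  - method: GET
    path:
      - '{{BaseURL}}'
    # Redirects are followed, presumably so an HTTP entry point that forwards
    # to HTTPS is not judged on its first hop alone.
    # NOTE(review): confirm which responses of the redirect chain all_headers
    # covers in the engine version in use. If it spans every hop, an HSTS
    # header on any single hop suppresses the finding.
    redirects: true
    matchers:
      # Presence test only: headers are lower-cased and searched for the
      # header name as a substring. The policy value is not inspected, so
      # max-age=0 (which switches HSTS off) or a very short max-age still
      # counts as "present" and produces no finding. The same substring inside
      # another header's value also suppresses the finding.
      - type: dsl
        dsl:
          - '!contains(tolower(all_headers), ''strict-transport-security'')'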