Home / Vulnerability Database / Go : Missing HSTS header

Go : Missing HSTS header

Classification

OWASP Top 10 2013

A6-Sensitive Data Exposure

OWASP Top 10 2017

A1-Injection

OWASP Top 10 2021

A3-Injection

PCI DSS 4.0

4.2.1 6.2.4

HIPAA

§164.312 (e)(1)§164.312 (e)(2)(ii)

CWE

CWE-1032

Overview

HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header.

If the application uses http requests and the HSTS header is missed, man in the middle attack is possible .

References

CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration

MEDIUM

Go : Missing HSTS header

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Go : Missing HSTS header in your application?

See also

Go : Undocumented feature: special account

Go : Nil salt

Go : Logging into system output