Hi everyone, I’ve been using different tools to identify the HTTP security headers implemented.
When I use the module “is_header_hsts_missing” from asserts, it throws the following result: “Strict-Transport-Security HTTP header is insecure”.
So when I use a scanner online, the scanner shows me the Strict-Transport-Security header is implemented; the same occurs when I use nikto.
Message from nikto: “‘strict-transport-security’ found, with contents: max-age=2592000”
Is the configuration for this header insecure? I read that configuration should include “includeSubDomains”.