This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport
Security (HSTS). The lack of HSTS allows downgrade attacks,
SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking
See also :
Configure the remote web server to use HSTS.
Risk factor :