Severity Update on plugin 84502 (HSTS Missing From HTTPS...
Severity Update on plugin 84502 (HSTS Missing From HTTPS Server) Summary We will be updating the severity level of plugin 84502 to INFO (currently MEDIUM) Change Plugin 84502 checks if the remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). We will be changing the severity of the plugin to INFO level, as in some cases the missing HSTS does not imply a vulnerable server. Additionally, we are considering releasing a separate plugin, including extra HSTS checks with a higher severity level. Impact Plugin 84502 will see its severity level changed to INFO Target Release Date Thursday 5 November 2020