HTTP Strict Transport Security (HSTS) Max-Age Value Too Low Severity: Information Summary# HTTP Strict Transport Security (HSTS) header's max-age value is lower than the recommended value. Remediation# It is recommended to set the max-age to a big value like 31536000 (12 months) or 63072000 (24 months). Classifications# WASC-15, CWE-16, ISO27001-A.14.1.2 Invicti Security Insights HTTP security headers: An easy way to harden your web applications Why Websites Need HTTP Strict Transport Security (HSTS) Content-Type and Status Code Leakage Why Framework Choice Matters in Web Application Security The Importance of the Content-Type Header in HTTP Requests Vulnerability Index You can search and find all vulnerabilities Select Category Critical High Medium Low Best Practice Information OR Search Vulnerability Tags HTTP HSTS Related Vulnerabilities Server-Side Template Injection (Node.js EJS) Code Evaluation via Local File Inclusion (PHP) Blind SQL Injection Out of Band Code Execution via SSTI (Node.js Pug (Jade)) Server-Side Template Injection (Node.js Dot)