HackerOne: Cryptographic Issue: Strict Transport Security with not good max age..(TOO SHORT!)

ID H1:3709
Type hackerone
Reporter simon90
Modified 2014-04-22T10:16:47


Hello team of HackerOne!

I am Simone, and today I will report to you a cryptographic issue on your site!

Issue: Strict Transport Security with too short max age.

Description: Your site uses a good "Strict Transport Security" but with a short MAX AGE!

Severity: See more information below.

Proof of Concept by ssllabs.com (100% reliability):


"Strict Transport Security (HSTS) Yes max-age=2678400; includeSubdomains TOO SHORT (less than 180 days)"

If you want to see the full scan with your "eyes" check it here: https://www.ssllabs.com/ssltest/analyze.html?d=hackerone.com&s=

Also, see more information here:


Thanks and best regards, Simone
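
The check behind the SSL Labs line quoted in the report, as an added example that is not part of the original report or of HackerOne's or SSL Labs' code: it parses a `Strict-Transport-Security` value following RFC 6797 section 6.1 and compares `max-age` with the 180-day threshold named in that line. The function names `parse_hsts` and `audit_hsts` are hypothetical, and splitting on `;` assumes no quoted value contains a semicolon.

```python
import re

# Threshold named in the SSL Labs line quoted in the report: 180 days.
MIN_MAX_AGE = 180 * 24 * 60 * 60  # 15552000 seconds

# RFC 7230 "token" characters, used for directive names.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def parse_hsts(value):
    """Return {directive: value} with lower-cased names, or None when a
    conforming user agent would ignore the header as invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not _TOKEN.fullmatch(name) or name in directives:
            return None  # malformed name, or a directive given twice
        val = val.strip()
        if sep and len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # max-age may be sent as a quoted-string
        directives[name] = val if sep else None
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is required and must be delta-seconds
    directives["max-age"] = int(max_age)
    return directives


def audit_hsts(value, minimum=MIN_MAX_AGE):
    """Classify a header value: INVALID, DISABLED, TOO SHORT or OK."""
    policy = parse_hsts(value)
    if policy is None:
        return "INVALID"
    if policy["max-age"] == 0:
        return "DISABLED"  # max-age=0 tells the browser to forget the host
    if policy["max-age"] < minimum:
        return "TOO SHORT"
    return "OK"


if __name__ == "__main__":
    # Header value copied from the scan line quoted in the report (31 days).
    print(audit_hsts("max-age=2678400; includeSubdomains"))
```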