HSTS header not reported when it is returned only after a redirect #393

r0oth3x49 · 2019-09-19T11:37:58Z

Describe the bug
http headers check plugin says HSTS not supported, while scanning the same web on ssllabs shows HSTS enabled. I have also tried with requests to check the headers requests also shows that HSTS is available.

To Reproduce
Steps to reproduce the behavior:

install the latest version of SSLyze from pip.
Run the following command python3 -m sslyze --http_headers emm.epf.gov.my
See the error it says not supported.

Expected behavior
It should also show that HSTS is supported.

Python environment (please complete the following information):

OS: Debian Kali latest
Python version: 3.7 (default version available on latest kali)

Screen shots for your reference
Locally ran the command using requests and sslyze both.

ssllabs shows.

Edit
The reason could be redirections in http request.

The text was updated successfully, but these errors were encountered:

nabla-c0d3 · 2020-04-19T16:55:49Z

Fix released in v3.0.2.

nabla-c0d3 added the bug label Sep 20, 2019

nabla-c0d3 changed the title ~~HTTP Header plugin Issue.~~ HSTS header not reported when it is returned only after a redirect Oct 9, 2019

nabla-c0d3 added a commit that referenced this issue Apr 19, 2020

[#393] Add support for HTTP redirections

9a3f469

nabla-c0d3 closed this as completed Apr 19, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HSTS header not reported when it is returned only after a redirect #393

HSTS header not reported when it is returned only after a redirect #393

r0oth3x49 commented Sep 19, 2019 •

edited

Loading

nabla-c0d3 commented Apr 19, 2020

HSTS header not reported when it is returned only after a redirect #393

HSTS header not reported when it is returned only after a redirect #393

Comments

r0oth3x49 commented Sep 19, 2019 • edited Loading

nabla-c0d3 commented Apr 19, 2020

r0oth3x49 commented Sep 19, 2019 •

edited

Loading