Strict Transport Security and max-age

Question asked by Jonn on Nov 21, 2012
Latest reply on Nov 23, 2012 by Ivan Ristić

It seems many people don't understand HTTP Strict Transport Security.

If I look in SSL Server Test > Recent Best-Rated, many servers have a too short max-age setting (less than 10 minutes).

And even that is coloured green. I think that is the wrong sign.

With such settings, Strict Transport Security is worthless. And I think it is worse if you think you have a function, but it is configured in a way that it isn't working at all.

I think it should be red if it is below one month, black if it is below 6 months, and only green if it is above that.
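
The grading proposed in the question, as an added example that is not part of the original post or of the SSL Server Test: it parses a `Strict-Transport-Security` header value following RFC 6797 and maps `max-age` to the suggested colours. The 30-day and 180-day month lengths, the function names, and the extra `invalid` and `disabled` results are assumptions of this sketch.

```python
import re

# Assumed day counts for the thresholds proposed in the post (30 and 180 days).
ONE_MONTH = 30 * 24 * 3600
SIX_MONTHS = 180 * 24 * 3600

def parse_hsts(value):
    """Return (max_age_seconds, include_subdomains), or None if invalid."""
    seen = {}
    for part in value.split(";"):  # simplification: no ';' inside quoted values
        part = part.strip()
        if not part:
            continue  # empty directives are permitted by the grammar
        name, _, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form, e.g. max-age="31536000"
        if name in seen:
            return None  # a directive must not appear more than once
        seen[name] = val
    age = seen.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None  # max-age is required and must be non-negative digits
    return int(age), "includesubdomains" in seen

def grade(value):
    """Map a header value to the colours suggested in the post."""
    parsed = parse_hsts(value)
    if parsed is None:
        return "invalid"
    if parsed[0] == 0:
        return "disabled"  # max-age=0 tells the browser to forget the host
    if parsed[0] < ONE_MONTH:
        return "red"
    if parsed[0] < SIX_MONTHS:
        return "black"
    return "green"

# Constructed sample headers, not taken from any scanned server.
SAMPLES = ["max-age=300", "max-age=2592000; includeSubDomains",
           'MAX-AGE="31536000"; includeSubDomains; preload', "includeSubDomains"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{grade(s):8} {s}")
```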