Burp Suite User Forum


configure scan for HSTS

Jody | Last updated: Jun 22, 2022 10:37PM UTC

I want to just search for HSTS vulnerabilities in the security headers of a website. What configuration do I use that will show it?

Ben, PortSwigger Agent | Last updated: Jun 23, 2022 10:03AM UTC

Hi Jody,

It sounds like you want to check for the 'Unencrypted communications' and 'Strict transport security not enforced' vulnerabilities. For scans and live tasks you can configure what vulnerabilities Burp will check for by making changes within the 'Issues Reported' section in the audit configuration. You can configure Burp to check for individual issues (rather than issue type), and the screenshot below shows how to set this up in a way that should help you identify the issues that you are interested in: https://snipboard.io/VKLt9w.jpg
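As an added illustration of what those two checks are looking for (example code written for this thread, not Burp's own scanner logic), here is a small checker that evaluates constructed sample responses for 'Unencrypted communications' and 'Strict transport security not enforced', and also flags two weaker configurations the answer does not mention (a short max-age and a missing includeSubDomains); the one-year max-age threshold is an assumed rule of thumb, not a Burp setting.

```python
from typing import Dict, List, Optional

ONE_YEAR = 31536000  # seconds; assumed minimum for a meaningful max-age

def parse_hsts(value: str) -> Optional[Dict[str, Optional[str]]]:
    """Split an HSTS value into directives (RFC 6797); None if max-age is
    missing or non-numeric, which browsers treat as no policy at all."""
    directives: Dict[str, Optional[str]] = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = val.strip().strip('"') or None
    max_age = directives.get("max-age")
    return directives if max_age and max_age.isdigit() else None

def hsts_findings(scheme: str, headers: Dict[str, str]) -> List[str]:
    """Issues a scanner would raise for one response; header names are
    matched case-insensitively, scheme is that of the request."""
    if scheme.lower() != "https":
        # HSTS sent over plain HTTP is ignored by browsers, so the
        # underlying issue is the unencrypted channel, not the header.
        return ["Unencrypted communications"]
    hsts = next((v for k, v in headers.items()
                 if k.lower() == "strict-transport-security"), None)
    if hsts is None:
        return ["Strict transport security not enforced"]
    parsed = parse_hsts(hsts)
    if parsed is None:
        return ["Strict transport security not enforced (malformed header)"]
    findings: List[str] = []
    max_age = int(parsed["max-age"])
    if max_age == 0:
        findings.append("Strict transport security not enforced (max-age=0)")
    elif max_age < ONE_YEAR:
        findings.append(f"HSTS max-age too short ({max_age}s)")
    if "includesubdomains" not in parsed:
        findings.append("HSTS does not cover subdomains")
    return findings

# Constructed sample responses, not captured from any real site.
SAMPLES = {
    "plain": ("http", {"Content-Type": "text/html"}),
    "missing": ("https", {"Content-Type": "text/html"}),
    "weak": ("https", {"Strict-Transport-Security": "max-age=300"}),
    "good": ("https", {"strict-transport-security":
                       "max-age=63072000; includeSubDomains; preload"}),
}

if __name__ == "__main__":
    for name, (scheme, hdrs) in SAMPLES.items():
        print(name, hsts_findings(scheme, hdrs) or ["no findings"])
```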
