Origin Validation Error
| Property | Value |
|---|---|
| Language | csharp |
| Severity | |
| CWE | CWE-346: Origin Validation Error |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The application does not set the HTTP Strict-Transport-Security (HSTS) header, so browsers are never instructed to use HTTPS only and may still connect over insecure HTTP. If a connection is downgraded to HTTP, users are exposed to man-in-the-middle attacks.
Impact
Without HSTS, an attacker who can force a user onto insecure HTTP could intercept or alter traffic, exposing sensitive information or session data. This weakens the application's overall transport security and puts both users and the organization at risk of data theft or manipulation.
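Added example, not part of the original rule page: an ASP.NET Core minimal-API `Program.cs` showing the pipeline this rule flags (no HSTS policy) beside the hardened one. It assumes ASP.NET Core, since the page names only the language (C#).

```csharp
// Program.cs for an ASP.NET Core minimal API (added example, not the scanner's code).
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

var builder = WebApplication.CreateBuilder(args);

// Weak (what this rule flags): the pipeline is built without AddHsts/UseHsts.
// Responses carry no Strict-Transport-Security header, so a browser that is
// once steered to http:// keeps following http:// links and bookmarks.
//
//   var app = builder.Build();
//   app.UseHttpsRedirection();   // redirects this request, but pins nothing in the browser
//   app.MapGet("/", () => "ok");
//   app.Run();

// Hardened: declare an explicit HSTS policy. One year is the value preload lists
// expect; the framework default is only 30 days and does not cover subdomains.
builder.Services.AddHsts(options =>
{
    options.MaxAge = TimeSpan.FromDays(365);
    options.IncludeSubDomains = true;
    options.Preload = true;   // only once every host under the domain is HTTPS-only
});

var app = builder.Build();

// UseHsts emits the header only on responses to HTTPS requests, because browsers
// ignore HSTS received over plain HTTP. UseHttpsRedirection moves an HTTP request
// onto HTTPS, and the response on that secure hop is the one that carries the header.
// Skipped in Development so a pinned localhost does not break other local projects.
if (!app.Environment.IsDevelopment())
{
    app.UseHsts();
}
app.UseHttpsRedirection();

app.MapGet("/", () => "ok");
app.Run();
```

To confirm the fix, request the HTTPS origin and look for `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload` in the response headers (for example with `curl -sI https://<host>/`); its absence on an HTTPS response is exactly what this rule reports.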