- September 12, 2023: Separated finding messages.
- August 31, 2020: Added requirements.
Required for both HTTP/1.1 and HTTP/1.0
max-ageparameter is required.
preloadparameters are optional. If present, we check to see if they are legitimate and that there are no associated values (i.e., syntax parsing).
- An HSTS header on an HTTP response is ignored.
See finding messages.