Pentest Blog Posts
Not So Strict Transport Security
Matthew Daley
HTTP Strict Transport Security (HSTS)
Web
Your Strict Transport Security policy may not be as strict as you think. A common misconfiguration can lead to a suprising amount of plaintext leakage.