HTTP Strict Transport Security (HSTS) is a security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows a web server to declare that web browsers (or other complying user agents) should interact with it using only secure HTTPS connections and never via the insecure HTTP protocol.


Check completed with warnings

HSTS header values:
Max Age: 31536000 seconds (1 year)
Include subdomains:
Preload:
Location: https://www.zbor.md


The configuration has some non-critical issues.

The HSTS evaluation has finished with warnings, which point to possible concerns or imperfect settings in the deployment. HSTS warnings usually indicate issues with the policy's setup, such as a max-age value that is too short to provide long-term protection. The absence of the includeSubDomains directive can leave subdomains vulnerable, as the HSTS policy won't apply to them. Without the preload directive the domain isn't on browsers' preload lists, which increases risk during the first connection. Multiple or incorrectly formatted HSTS headers can lead to confusion and improper policy enforcement. Lastly, sending HSTS headers over HTTP is ineffective, as browsers only honor the policy when it is delivered over HTTPS.