HTTP Strict Transport Security (HSTS) Policy Not Enabled is a vulnerability similar to Remote Code Execution and DoS in HTTP.sys (IIS) and is reported at medium severity. It is categorized as OWASP 2013-A6, OWASP 2017-A3, CAPEC-217, WASC-4, ISO27
14.6. Bootstrap MITM Vulnerability

Bootstrap MITM (man-in-the-middle) vulnerability is a vulnerability that users and HSTS Hosts encounter in the situation where the user manually enters, or follows a link to, an unknown HSTS Host using an "http" URI rather than an "https" URI. Because th...
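The two passages above concern the same defensive control: a missing or weak Strict-Transport-Security header leaves the plain-http bootstrap window open. The following checker is an added example, not code from the page, the scanner vendor or RFC 6797; it parses the header directives defined in RFC 6797 (max-age, includeSubDomains, preload) and reports the weaknesses a reviewer would flag. The one-year minimum for max-age and the `check_hsts` / `parse_hsts` function names are my assumptions, and the header dictionaries in the usage section are constructed sample responses.

```python
"""Audit a response's Strict-Transport-Security (HSTS) header for weak settings."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed policy threshold: one year, a common recommendation for max-age.
MIN_MAX_AGE = 31536000


@dataclass
class HstsResult:
    present: bool
    max_age: Optional[int] = None
    include_subdomains: bool = False
    preload: bool = False
    findings: List[str] = field(default_factory=list)


def parse_hsts(header_value: str) -> Tuple[Optional[int], bool, bool]:
    """Split the header into directives; names are case-insensitive per RFC 6797."""
    max_age: Optional[int] = None
    include_sub = False
    preload = False
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if value.isdigit():  # non-numeric max-age is treated as absent
                max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    return max_age, include_sub, preload


def check_hsts(headers: Dict[str, str], min_max_age: int = MIN_MAX_AGE) -> HstsResult:
    """headers maps response header names to values; lookup is case-insensitive."""
    value = None
    for name, val in headers.items():
        if name.lower() == "strict-transport-security":
            value = val
            break
    if value is None:
        return HstsResult(
            present=False,
            findings=["HSTS header missing: every plain-http visit can be intercepted"],
        )

    max_age, inc, pre = parse_hsts(value)
    result = HstsResult(present=True, max_age=max_age,
                        include_subdomains=inc, preload=pre)

    # RFC 6797 section 8.1: a header without max-age is ignored by the UA.
    if max_age is None:
        result.findings.append("max-age missing: browsers ignore the whole header")
    elif max_age == 0:
        result.findings.append("max-age=0 clears the policy instead of enforcing it")
    elif max_age < min_max_age:
        result.findings.append(
            f"max-age {max_age} is below {min_max_age}: the policy expires quickly, "
            "reopening the bootstrap window after each lapse"
        )
    if not inc:
        result.findings.append("includeSubDomains absent: subdomains stay reachable over http")
    if not pre:
        result.findings.append(
            "preload absent: the host is not eligible for browser preload lists, so the "
            "very first visit still starts over http (bootstrap MITM window)"
        )
    return result


if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    samples = {
        "no header": {"Content-Type": "text/html"},
        "short policy": {"strict-transport-security": "max-age=300"},
        "strong policy": {"Strict-Transport-Security":
                          "max-age=31536000; includeSubDomains; preload"},
    }
    for label, hdrs in samples.items():
        res = check_hsts(hdrs)
        print(f"{label}: {res.findings or ['OK']}")
```

Only the `preload` directive plus actual inclusion in a browser's preload list closes the first-visit gap the RFC text describes; the checker can only see the directive, so its last finding is a prompt to verify list membership separately.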