Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Investigate lack of HSTS on www.targobank.de #416
There's a couple of things going on here. First, it seems that this web site doesn't like the SSL Labs user agent, because it's responding with 403. The same happens with curl. When responding with 403, it sends two HSTS headers, but SSL Labs is not reporting anything. This is the second problem. SSL Labs should process the first and warn about the presence of the second, per the HSTS RFC.