HSTS Monitoring Mistakes That Break Alerts
HSTS is one of those controls people configure once, feel good about, and then forget for two years. That is exactly why it needs monitoring. I’ve seen teams proudly preload a domain, then quietly lose the header on a CDN edge, a redirect hop, or a newly launched subdomain. Nobody notices until someone runs a scan, a browser behavior changes, or a security review turns up a gap that has been sitting there for months. ...