ASVS Requirement 3.7.4

• Level: 3
• Chapter: V3 Web Frontend Security
• Section: V3.7 Other Browser Security Considerations
• Source: 0x12-V3-Web-Frontend-Security.md

Description

Verify that the application's top-level domain (e.g., site.tld) is added to the public preload list for HTTP Strict Transport Security (HSTS). This ensures that the use of TLS for the application is built directly into the main browsers, rather than relying only on the Strict-Transport-Security response header field.