In gb_hsts_preload_missing.nasl
that checks for the preload
attribute in HSTS headers, the log_message that gets outputed refers the includeSubDomains
directive incorrectly as such:
log_message( port:port, data:'The remote HTTPS Server is missing the "includeSubDomains" attribute in the HSTS header.\n\nHSTS Header:\n\n' + banner );
The message should probably be modified to indicate that the preload
attribute is missing instead of the includeSubDomains