From 198a5f0c3068238ea0fa24c99fd7aa6ee29eb223 Mon Sep 17 00:00:00 2001
From: Magnus Larsen <magnusfynbo@hotmail.com>
Date: Wed, 9 Jul 2025 09:41:11 +0200
Subject: [PATCH] fix(rating): HSTS not offered does not give a warning

---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index 0d41c90..de9789e 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -2820,6 +2820,7 @@ run_hsts() {
           if ! is_number "$hsts_age_sec"; then
                pr_svrty_medium "misconfiguration: \'"$hsts_age_sec"\' is not a valid max-age specification"
                fileout "${jsonID}_time" "MEDIUM" "misconfiguration, specified not a number for max-age"
+               set_grade_warning "HSTS max-age is misconfigured"
           else
                if [[ -n $hsts_age_sec ]]; then
                     hsts_age_days=$(( hsts_age_sec / 86400))
@@ -2859,7 +2860,6 @@ run_hsts() {
      else
           pr_svrty_low "not offered"
           fileout "$jsonID" "LOW" "not offered"
-          set_grade_warning "HSTS is disabled"
      fi
      outln