Content Security Policy (CSP) Not Implemented | CWE-16, ISO27001-A.14.2.5, WASC-15 | Best Practice
Expect-CT Not Enabled | CWE-16, ISO27001-A.14.1.2, WASC-15 | Best Practice
Insecure Transportation Security Protocol Supported (TLS 1.1) | PCI v3.2-6.5.4, CAPEC-217, CWE-326, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Best Practice
Missing X-XSS-Protection Header | CWE-16, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-15 | Best Practice
Referrer-Policy Not Implemented | CWE-200, ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A3 | Best Practice
SameSite Cookie Not Implemented | CWE-16, ISO27001-A.14.2.5, WASC-15 | Best Practice
SameSite None Cookie Not Marked as Secure | CWE-16, ISO27001-A.14.2.5, WASC-15 | Best Practice
Subresource Integrity (SRI) Not Implemented | CWE-16, ISO27001-A.14.2.5, WASC-15 | Best Practice