Most common Medium Risk security issues in the last 30 days

Issue Type | Category | Percentage |
---|---|---|
Content Security Policy (CSP) Header Not Set | Medium | 8.13 |
Absence of Anti-CSRF Tokens | Medium | 7.93 |
CSP: Wildcard Directive | Medium | 3.84 |
Missing Anti-clickjacking Header | Medium | 2.99 |
CSP: script-src unsafe-inline | Medium | 2.92 |

Most common Low Risk security issues in the last 30 days

Issue Type | Category | Percentage |
---|---|---|
Cross-Domain JavaScript Source File Inclusion | Low | 16.68 |
Server Leaks Version Information via "Server" HTTP Response Header Field | Low | 7.18 |
X-Content-Type-Options Header Missing | Low | 7.06 |
Strict-Transport-Security Header Not Set | Low | 6.83 |
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) | Low | 4.05 |

Most common Info Risk security issues in the last 30 days

Issue Type | Category | Percentage |
---|---|---|
Information Disclosure - Suspicious Comments | Informational | 10.42 |
Re-examine Cache-control Directives | Informational | 4.14 |
User Controllable HTML Element Attribute (Potential XSS) | Informational | 1.33 |
CSP: X-Content-Security-Policy | Informational | 1.26 |
Obsolete Content Security Policy (CSP) Header Found | Informational | 1.13 |