Most common Medium Risk security issues in the last 30 days
Issue Type | Category | Percentage |
---|---|---|
Absence of Anti-CSRF Tokens | Medium | 19.56 |
Content Security Policy (CSP) Header Not Set | Medium | 4.53 |
Missing Anti-clickjacking Header | Medium | 4.39 |
Cross-Domain Misconfiguration | Medium | 1.12 |
CSP: script-src unsafe-inline | Medium | 0.52 |
Most common Low Risk security issues in the last 30 days
Issue Type | Category | Percentage |
---|---|---|
Cross-Domain JavaScript Source File Inclusion | Low | 19.39 |
Strict-Transport-Security Header Not Set | Low | 5.80 |
Server Leaks Version Information via "Server" HTTP Response Header Field | Low | 5.77 |
X-Content-Type-Options Header Missing | Low | 5.36 |
Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec) | Low | 0.76 |
Most common Info Risk security issues in the last 30 days
Issue Type | Category | Percentage |
---|---|---|
User Controllable HTML Element Attribute (Potential XSS) | Informational | 21.82 |
Information Disclosure - Suspicious Comments | Informational | 5.85 |
Cookie Poisoning | Informational | 0.64 |
Re-examine Cache-control Directives | Informational | 0.42 |
Content-Type Header Missing | Informational | 0.06 |