Most common Medium Risk security issues in the last 30 days
| Issue Type | Category | Percentage |
|---|---|---|
| Absence of Anti-CSRF Tokens | Medium | 21.08 |
| Content Security Policy (CSP) Header Not Set | Medium | 6.12 |
| CSP: Wildcard Directive | Medium | 1.82 |
| CSP: style-src unsafe-inline | Medium | 1.82 |
| CSP: script-src unsafe-inline | Medium | 1.28 |
Most common Low Risk security issues in the last 30 days
| Issue Type | Category | Percentage |
|---|---|---|
| Cross-Domain JavaScript Source File Inclusion | Low | 9.38 |
| Strict-Transport-Security Header Not Set | Low | 4.34 |
| X-Content-Type-Options Header Missing | Low | 2.21 |
| Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) | Low | 1.13 |
| Cookie No HttpOnly Flag | Low | 0.95 |
Most common Info Risk security issues in the last 30 days
| Issue Type | Category | Percentage |
|---|---|---|
| Information Disclosure - Suspicious Comments | Informational | 20.85 |
| User Controllable HTML Element Attribute (Potential XSS) | Informational | 7.12 |
| Re-examine Cache-control Directives | Informational | 7.09 |
| Retrieved from Cache | Informational | 4.11 |
| Timestamp Disclosure - Unix | Informational | 0.96 |