Most common Medium Risk security issues in the last 30 days
Issue Type | Category | Percentage |
---|---|---|
Absence of Anti-CSRF Tokens | Medium | 15.92 |
Cross-Domain Misconfiguration | Medium | 9.69 |
CSP: script-src unsafe-inline | Medium | 4.80 |
CSP: Wildcard Directive | Medium | 4.75 |
CSP: style-src unsafe-inline | Medium | 4.67 |
Most common Low Risk security issues in the last 30 days
Issue Type | Category | Percentage |
---|---|---|
Cross-Domain JavaScript Source File Inclusion | Low | 16.77 |
Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec) | Low | 6.61 |
Server Leaks Version Information via "Server" HTTP Response Header Field | Low | 4.09 |
Strict-Transport-Security Header Not Set | Low | 3.95 |
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) | Low | 2.83 |
Most common Info Risk security issues in the last 30 days
Issue Type | Category | Percentage |
---|---|---|
Information Disclosure - Suspicious Comments | Informational | 6.10 |
Re-examine Cache-control Directives | Informational | 3.76 |
User Controllable HTML Element Attribute (Potential XSS) | Informational | 1.75 |
Content-Type Header Missing | Informational | 0.95 |
Loosely Scoped Cookie | Informational | 0.10 |