Most common Medium Risk security issues in the last 30 days
Issue Type | Category | Percentage |
---|---|---|
Absence of Anti-CSRF Tokens | Medium | 13.63 |
Content Security Policy (CSP) Header Not Set | Medium | 6.65 |
CSP: Wildcard Directive | Medium | 2.32 |
CSP: style-src unsafe-inline | Medium | 2.29 |
CSP: script-src unsafe-inline | Medium | 1.94 |
Most common Low Risk security issues in the last 30 days
Issue Type | Category | Percentage |
---|---|---|
Cross-Domain JavaScript Source File Inclusion | Low | 14.48 |
Strict-Transport-Security Header Not Set | Low | 5.90 |
X-Content-Type-Options Header Missing | Low | 3.76 |
Cookie without SameSite Attribute | Low | 3.07 |
Server Leaks Version Information via "Server" HTTP Response Header Field | Low | 2.50 |
Most common Info Risk security issues in the last 30 days
Issue Type | Category | Percentage |
---|---|---|
Information Disclosure - Suspicious Comments | Informational | 16.06 |
Re-examine Cache-control Directives | Informational | 5.75 |
User Controllable HTML Element Attribute (Potential XSS) | Informational | 3.94 |
Retrieved from Cache | Informational | 3.73 |
Information Disclosure - Sensitive Information in URL | Informational | 0.90 |