Web Application Vulnerabilities Index

This page lists vulnerabilities categorized as Best Practice severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Content Security Policy (CSP) Not Implemented
Content Security Policy (CSP) Not Implemented
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Best Practice
Expect-CT Not Enabled
Expect-CT Not Enabled
CWE-16
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
Best Practice
Missing X-XSS-Protection Header
Missing X-XSS-Protection Header
CWE-16
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Best Practice
Referrer-Policy Not Implemented
Referrer-Policy Not Implemented
CWE-200
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Best Practice
SameSite Cookie Not Implemented
SameSite Cookie Not Implemented
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Best Practice
SameSite None Cookie Not Marked as Secure
SameSite None Cookie Not Marked as Secure
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Best Practice
Subresource Integrity (SRI) Not Implemented
Subresource Integrity (SRI) Not Implemented
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Best Practice