Vulnerability Name
Classifications
Severity
Content Security Policy (CSP) Not Implemented
CWE-16, ISO27001-A.14.2.5, WASC-15
Best Practice
Expect-CT Not Enabled [deprecated]
CWE-16, ISO27001-A.14.1.2, WASC-15
Best Practice
Insecure Transportation Security Protocol Supported (TLS 1.1)
PCI v3.2-6.5.4, CAPEC-217, CWE-326, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3
Best Practice
Missing X-XSS-Protection Header
CWE-16, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-15
Best Practice
Referrer-Policy Not Implemented
CWE-200, ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A3
Best Practice
SameSite Cookie Not Implemented
CWE-16, ISO27001-A.14.2.5, WASC-15
Best Practice
SameSite None Cookie Not Marked as Secure
CWE-16, ISO27001-A.14.2.5, WASC-15
Best Practice
Subresource Integrity (SRI) Not Implemented
CWE-16, ISO27001-A.14.2.5, WASC-15
Best Practice