| .env Information Leak |
|
| .htaccess Information Leak |
|
| Anti-CSRF Tokens Check |
|
| Application Error Disclosure |
|
| Backup File Detected |
|
| Cloud Metadata Potentially Exposed |
|
| Content Security Policy (CSP) Header Not Set |
|
| Content Security Policy (CSP) Report-Only Header Found |
|
| Content-Type Header Empty |
|
| Content-Type Header Missing |
|
| Cookie No HttpOnly Flag |
|
| Cookie Slack Detector |
|
| Cookie Without Secure Flag |
|
| Cross-Domain Misconfiguration - Adobe - Read |
|
| Cross-Domain Misconfiguration - Adobe - Send |
|
| Cross-Domain Misconfiguration - Silverlight |
|
| CSP: Header & Meta |
|
| CSP: Malformed Policy (Non-ASCII) |
|
| CSP: Meta Policy Invalid Directive |
|
| CSP: Notices |
|
| CSP: script-src unsafe-eval |
|
| CSP: script-src unsafe-hashes |
|
| CSP: script-src unsafe-inline |
|
| CSP: style-src unsafe-hashes |
|
| CSP: style-src unsafe-inline |
|
| CSP: Wildcard Directive |
|
| CSP: X-Content-Security-Policy |
|
| CSP: X-WebKit-CSP |
|
| Directory Browsing |
|
| ELMAH Information Leak |
|
| Emails Found in the Viewstate |
|
| Generic Padding Oracle |
|
| GET for POST |
|
| GraphQL Endpoint Supports Introspection |
|
| Hidden File Found |
|
| HTTP Only Site |
|
| HTTP Parameter Override |
|
| HTTP to HTTPS Insecure Transition in Form Post |
|
| HTTPS Content Available via HTTP |
|
| HTTPS to HTTP Insecure Transition in Form Post |
|
| Image Exposes Location or Privacy Data |
|
| In Page Banner Information Leak |
|
| Insecure HTTP Method |
|
| Insecure JSF ViewState |
|
| Loosely Scoped Cookie |
|
| Missing Anti-clickjacking Header |
|
| Multiple X-Frame-Options Header Entries |
|
| Obsolete Content Security Policy (CSP) Header Found |
|
| Old Asp.Net Version in Use |
|
| Possible Username Enumeration |
|
| Potential IP Addresses Found in the Viewstate |
|
| Properties File Disclosure - /WEB-INF folder |
|
| Proxy Disclosure |
|
| Relative Path Confusion |
|
| Reverse Tabnabbing |
|
| Secure Pages Include Mixed Content |
|
| Server Leaks its Webserver Application via "Server" HTTP Response Header Field |
|
| Server Leaks Version Information via "Server" HTTP Response Header Field |
|
| Source Code Disclosure - /WEB-INF Folder |
|
| Source Code Disclosure - File Inclusion |
|
| Source Code Disclosure - Git |
|
| Source Code Disclosure - PHP |
|
| Source Code Disclosure - SVN |
|
| Split Viewstate in Use |
|
| Strict-Transport-Security Defined via META (Non-compliant with Spec) |
|
| Strict-Transport-Security Disabled |
|
| Strict-Transport-Security Header Not Set |
|
| Strict-Transport-Security Header on Plain HTTP Response |
|
| Strict-Transport-Security Malformed Content (Non-compliant with Spec) |
|
| Strict-Transport-Security Max-Age Malformed (Non-compliant with Spec) |
|
| Strict-Transport-Security Missing Max-Age (Non-compliant with Spec) |
|
| Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec) |
|
| Sub Resource Integrity Attribute Missing |
|
| Trace.axd Information Leak |
|
| Viewstate without MAC Signature (Sure) |
|
| Viewstate without MAC Signature (Unsure) |
|
| Web Cache Deception |
|
| WSDL File Detection |
|
| X-AspNet-Version Response Header |
|
| X-Backend-Server Header Information Leak |
|
| X-Content-Type-Options Header Missing |
|
| X-Frame-Options Defined via META (Non-compliant with Spec) |
|
| X-Frame-Options Setting Malformed |
|