.env Information Leak |
|
.htaccess Information Leak |
|
Anti-CSRF Tokens Check |
|
Application Error Disclosure |
|
Backup File Detected |
|
Backup File Disclosure |
|
Cloud Metadata Potentially Exposed |
|
Content Security Policy (CSP) Header Not Set |
|
Content Security Policy (CSP) Report-Only Header Found |
|
Content-Type Header Empty |
|
Content-Type Header Missing |
|
Cookie No HttpOnly Flag |
|
Cookie Slack Detector |
|
Cookie Without Secure Flag |
|
Cross-Domain Misconfiguration - Adobe - Read |
|
Cross-Domain Misconfiguration - Adobe - Send |
|
Cross-Domain Misconfiguration - Silverlight |
|
CSP: Header & Meta |
|
CSP: Malformed Policy (Non-ASCII) |
|
CSP: Meta Policy Invalid Directive |
|
CSP: Notices |
|
CSP: script-src unsafe-eval |
|
CSP: script-src unsafe-hashes |
|
CSP: script-src unsafe-inline |
|
CSP: style-src unsafe-hashes |
|
CSP: style-src unsafe-inline |
|
CSP: Wildcard Directive |
|
CSP: X-Content-Security-Policy |
|
CSP: X-WebKit-CSP |
|
Directory Browsing |
|
ELMAH Information Leak |
|
Full Path Disclosure |
|
GraphQL Endpoint Supports Introspection |
|
Hidden File Found |
|
HTTP Only Site |
|
HTTPS Content Available via HTTP |
|
Image Exposes Location or Privacy Data |
|
In Page Banner Information Leak |
|
Insecure HTTP Method |
|
Missing Anti-clickjacking Header |
|
Multiple X-Frame-Options Header Entries |
|
Obsolete Content Security Policy (CSP) Header Found |
|
Possible Username Enumeration |
|
Properties File Disclosure - /WEB-INF folder |
|
Proxy Disclosure |
|
Relative Path Confusion |
|
Secure Pages Include Mixed Content |
|
Server Leaks its Webserver Application via "Server" HTTP Response Header Field |
|
Server Leaks Version Information via "Server" HTTP Response Header Field |
|
Source Code Disclosure - /WEB-INF Folder |
|
Source Code Disclosure - File Inclusion |
|
Source Code Disclosure - Git |
|
Source Code Disclosure - PHP |
|
Source Code Disclosure - SVN |
|
Strict-Transport-Security Defined via META (Non-compliant with Spec) |
|
Strict-Transport-Security Disabled |
|
Strict-Transport-Security Header Not Set |
|
Strict-Transport-Security Header on Plain HTTP Response |
|
Strict-Transport-Security Malformed Content (Non-compliant with Spec) |
|
Strict-Transport-Security Max-Age Malformed (Non-compliant with Spec) |
|
Strict-Transport-Security Missing Max-Age (Non-compliant with Spec) |
|
Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec) |
|
Sub Resource Integrity Attribute Missing |
|
Trace.axd Information Leak |
|
Web Cache Deception |
|
WSDL File Detection |
|
X-AspNet-Version Response Header |
|
X-Backend-Server Header Information Leak |
|
X-Content-Type-Options Header Missing |
|
X-Frame-Options Defined via META (Non-compliant with Spec) |
|
X-Frame-Options Setting Malformed |
|