Details
Alert ID: 100016
Alert Type: Script Passive
Status: alpha
Risk: Low
CWE: 693
WASC: 15
Technologies Targeted: All
Tags: CWE-693
More Info: Scan Rule Help

Summary

Some of the following security headers are missing from the HTTP response: Strict-Transport-Security, Content-Security-Policy, X-XSS-Protection, X-Content-Type-Options, X-Frame-Options.

Solution

Ensure that your web server, application server, load balancer, etc. is configured to set the missing security headers.
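To confirm the configuration change took effect, the response can be re-checked for the five headers named in the Summary. The following is an added example, not the scan rule's own code: the function names, the sample responses, and the choice to treat an empty header value as missing are all assumptions made for illustration.

```javascript
// Added example; all function and constant names here are hypothetical.
const REQUIRED_HEADERS = [
  "Strict-Transport-Security", "Content-Security-Policy", "X-XSS-Protection",
  "X-Content-Type-Options", "X-Frame-Options",
];

// Collect lower-cased header names from a raw HTTP response.
// Header names are case-insensitive, so all comparisons use lower case.
function parseHeaderNames(rawResponse) {
  const names = new Set();
  for (const line of rawResponse.split(/\r?\n/).slice(1)) { // skip status line
    if (line === "") break;                 // blank line ends the header block
    if (/^[ \t]/.test(line)) continue;      // folded continuation, not a new header
    const colon = line.indexOf(":");
    if (colon <= 0) continue;               // malformed line, no header name
    if (line.slice(colon + 1).trim() === "") continue; // assumption: empty value = not set
    names.add(line.slice(0, colon).trim().toLowerCase());
  }
  return names;
}

// Return the required headers that the response does not set, in list order.
function missingSecurityHeaders(rawResponse) {
  const present = parseHeaderNames(rawResponse);
  return REQUIRED_HEADERS.filter((h) => !present.has(h.toLowerCase()));
}

// Constructed sample: one header in lower case, one with an empty value,
// and a header-like line in the body that must not be counted.
const SAMPLE_BEFORE = [
  "HTTP/1.1 200 OK",
  "Content-Type: text/html",
  "x-content-type-options: nosniff",
  "X-Frame-Options:",
  "",
  "X-XSS-Protection: 0",
].join("\r\n");

// Constructed sample after reconfiguration. The values are placeholders,
// not recommendations; only presence is checked.
const SAMPLE_AFTER = [
  "HTTP/1.1 200 OK",
  "Strict-Transport-Security: max-age=31536000",
  "Content-Security-Policy: default-src 'self'",
  "X-XSS-Protection: 0",
  "X-Content-Type-Options: nosniff",
  "X-Frame-Options: DENY",
  "",
].join("\r\n");

console.log("before:", missingSecurityHeaders(SAMPLE_BEFORE));
console.log("after:", missingSecurityHeaders(SAMPLE_AFTER));
```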

Other Info

References

Code

passive/Mutliple Security Header Check.js