| Details | |
|---|---|
| Alert ID | 200005-22 |
| Alert Type | Tool |
| Status | alpha |
| Risk | Low |
| CWE | 693 |
| WASC | |
| Technologies Targeted | All |
| Tags | CWE-693 OWASP_2021_A05 OWASP_2025_A02 TOOL_PTK |
Summary
The OWASP Secure Headers Project describes HTTP response headers that an application can set to increase its security. Once set, these response headers keep modern browsers from running into easily preventable vulnerabilities.
Generated by OWASP PTK DAST Module
Solution
Configure security-related HTTP response headers consistently on all responses to harden the application against common browser-based attacks.
- HSTS: enforce HTTPS with a long max-age and includeSubDomains where appropriate.
- Content-Security-Policy: restrict scripts, styles, frames and connections to trusted sources only.
- Referrer-Policy: limit referrer information sent to other origins.
- X-Content-Type-Options: use nosniff to prevent MIME type confusion.
- Cookies: set Secure, HttpOnly and SameSite attributes on sensitive cookies.
- Remove unnecessary disclosure headers such as Server and X-Powered-By where possible.
Other Info
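An added example (not code from the OWASP PTK alert or the PTK project) that audits a captured response's headers against the solution guidance above. The sample headers, the one-year HSTS threshold and the finding strings are assumptions chosen for illustration.

```python
import re

ONE_YEAR = 31536000  # assumed HSTS max-age threshold (one year in seconds)
DISCLOSURE_HEADERS = ("server", "x-powered-by")

# Constructed sample response headers for a weakly configured application.
SAMPLE_HEADERS = {
    "Server": "ExampleServer/1.0",
    "Strict-Transport-Security": "max-age=86400",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "NoSniff",
    "Set-Cookie": ["session=abc; Path=/; HttpOnly", "pref=1; Path=/; Secure; HttpOnly; SameSite=Lax"],
}

def audit_security_headers(headers):
    """Return findings for a dict of {name: value or list of values}.
    Header names are compared case-insensitively, as HTTP requires."""
    h = {}
    for k, v in headers.items():
        h.setdefault(k.lower(), []).extend(v if isinstance(v, list) else [v])
    findings = []
    # HSTS: present, max-age of at least a year, includeSubDomains set
    hsts = h.get("strict-transport-security", [""])[0]
    m = re.search(r"max-age=(\d+)", hsts, re.I)
    if not m:
        findings.append("HSTS missing")
    else:
        if int(m.group(1)) < ONE_YEAR:
            findings.append("HSTS max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")
    # CSP: present, and script-src does not allow inline scripts or any origin
    csp = h.get("content-security-policy", [""])[0]
    if not csp:
        findings.append("CSP missing")
    elif re.search(r"script-src[^;]*(?:'unsafe-inline'|\*)", csp):
        findings.append("CSP script-src allows unsafe-inline or wildcard")
    if "referrer-policy" not in h:
        findings.append("Referrer-Policy missing")
    if h.get("x-content-type-options", [""])[0].strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    # Cookies: every Set-Cookie needs Secure, HttpOnly and SameSite
    for cookie in h.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        for required in ("secure", "httponly", "samesite"):
            if required not in attrs:
                findings.append(f"cookie {name} lacks {required}")
    findings += [f"disclosure header {n} present" for n in DISCLOSURE_HEADERS if n in h]
    return findings
```

Run it against headers captured from a staging deployment (for example from a proxy log) and treat a non-empty list as a misconfiguration to fix before release.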
References
- https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/
- https://cwe.mitre.org/data/definitions/693.html