Details

Scan Rule ID | 200005
Alert Type   | Tool
Status       | alpha
Alerts

- 200005-1 Missing Content-Security-Policy header
- 200005-2 CSP allows inline/eval or wildcards in script/style
- 200005-3 CSP 'frame-ancestors' missing or overly broad
- 200005-4 CSP Report-Only present without enforcing CSP
- 200005-5 Missing Strict-Transport-Security header (on HTTPS)
- 200005-6 Strict-Transport-Security sent over HTTP (ineffective)
- 200005-7 HSTS max-age too low or missing includeSubDomains
- 200005-8 X-Powered-By header or equivalent present
- 200005-9 Server banner discloses software/version
- 200005-10 Missing or invalid X-Content-Type-Options
- 200005-11 X-XSS-Protection header is a legacy directive
- 200005-12 Expect-CT is deprecated
- 200005-13 COOP set without COEP/CORP (incomplete cross-origin isolation)
- 200005-14 COEP present but value is not 'require-corp' or 'credentialless'
- 200005-15 Deprecated Feature-Policy or unknown/overly-permissive Permissions-Policy
- 200005-16 Missing or weak Referrer-Policy
- 200005-17 Clear-Site-Data present but missing executionContexts
- 200005-18 Clear-Site-Data uses wildcard *
- 200005-19 CORS allows any origin with credentials
- 200005-20 Sensitive cookies missing security flags
- 200005-21 Potentially authenticated content lacks no-store
- 200005-22 Public-Key-Pins is deprecated
- 200005-23 COOP present but value is not 'same-origin'
Code

src/ptk/background/dast/modules/modules.json