Most common Medium Risk security issues in the last 30 days
Issue Type | Category | Percentage |
---|---|---|
Absence of Anti-CSRF Tokens | Medium | 11.24 |
Cross-Domain Misconfiguration | Medium | 9.13 |
CSP: Wildcard Directive | Medium | 3.23 |
CSP: style-src unsafe-inline | Medium | 3.22 |
CSP: script-src unsafe-inline | Medium | 2.92 |
Most common Low Risk security issues in the last 30 days
Issue Type | Category | Percentage |
---|---|---|
Strict-Transport-Security Header Not Set | Low | 5.30 |
Cross-Domain JavaScript Source File Inclusion | Low | 5.26 |
Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec) | Low | 4.82 |
X-Content-Type-Options Header Missing | Low | 4.20 |
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) | Low | 2.36 |
Most common Info Risk security issues in the last 30 days
Issue Type | Category | Percentage |
---|---|---|
Information Disclosure - Suspicious Comments | Informational | 13.84 |
Retrieved from Cache | Informational | 10.77 |
Re-examine Cache-control Directives | Informational | 3.53 |
User Controllable HTML Element Attribute (Potential XSS) | Informational | 3.21 |
User Agent Fuzzer | Informational | 1.92 |