Most common Medium Risk security issues in the last 30 days
| Issue Type | Category | Percentage |
|---|---|---|
| Content Security Policy (CSP) Header Not Set | Medium | 10.40 |
| Missing Anti-clickjacking Header | Medium | 6.06 |
| Absence of Anti-CSRF Tokens | Medium | 3.38 |
| CSP: script-src unsafe-inline | Medium | 3.32 |
| CSP: Wildcard Directive | Medium | 3.16 |
Most common Low Risk security issues in the last 30 days
| Issue Type | Category | Percentage |
|---|---|---|
| Cross-Domain JavaScript Source File Inclusion | Low | 12.98 |
| Strict-Transport-Security Header Not Set | Low | 11.37 |
| Server Leaks Version Information via "Server" HTTP Response Header Field | Low | 8.10 |
| X-Content-Type-Options Header Missing | Low | 7.61 |
| Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) | Low | 3.86 |
Most common Info Risk security issues in the last 30 days
| Issue Type | Category | Percentage |
|---|---|---|
| Information Disclosure - Suspicious Comments | Informational | 11.21 |
| Re-examine Cache-control Directives | Informational | 6.38 |
| Retrieved from Cache | Informational | 2.68 |
| Content-Type Header Missing | Informational | 1.34 |
| Loosely Scoped Cookie | Informational | 1.02 |