Browse by OWASP ZAP

X-Content-Type-Options Header Missing (1215218)
X-Frame-Options Header Not Set (1133600)
Timestamp Disclosure - Unix (999877)
Information Disclosure - Suspicious Comments (848379)
Cross-Domain JavaScript Source File Inclusion (805195)
Absence of Anti-CSRF Tokens (738789)
Incomplete or No Cache-control and Pragma HTTP Header Set (686824)
Cookie Without SameSite Attribute (584445)
Cookie No HttpOnly Flag (458450)
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) (405746)
Vulnerable JS Library (245569)
Cookie Without Secure Flag (245205)
Charset Mismatch (159444)
Web Browser XSS Protection Not Enabled (117236)
CSP: Wildcard Directive (98707)
Cross-Domain Misconfiguration (93548)
Loosely Scoped Cookie (83309)
Secure Pages Include Mixed Content (82416)
WSDL File Detection (71150)
Information Disclosure - Debug Error Messages (47293)
Information Disclosure - Sensitive Information in URL (46893)
CSP: style-src unsafe-inline (40510)
CSP: script-src unsafe-inline (36568)
Application Error Disclosure (33288)
X-AspNet-Version Response Header (32930)
Content-Type Header Missing (27761)
Private IP Disclosure (18576)
Viewstate without MAC Signature (Unsure) (17834)
CSP Scanner: Wildcard Directive (17052)
Multiple X-Frame-Options Header Entries (9390)
Information Disclosure - Sensitive Information in HTTP Referrer Header (6331)
CSP Scanner: style-src unsafe-inline (5427)
CSP: Notices (4750)
CSP Scanner: script-src unsafe-inline (4454)
X-Frame-Options Setting Malformed (4236)
Weak Authentication Method (2895)
CSP: X-Content-Security-Policy (2369)
Session ID in URL Rewrite (2116)
Emails Found in the Viewstate (1832)
Potential IP Addresses Found in the Viewstate (1417)
CSP Scanner: Notices (1264)
CSP: X-WebKit-CSP (1070)
CSP Scanner: X-Content-Security-Policy (480)
Referer Exposes Session ID (439)
X-Frame-Options Defined via META (Non-compliant with Spec) (276)
CSP Scanner: X-WebKit-CSP (205)
Old Asp.Net Version in Use (135)
HTTP Parameter Override (86)
X-Debug-Token Information Leak (78)
Split Viewstate in Use (55)
Viewstate without MAC Signature (Sure) (31)
Username Hash Found (30)
Content-Type Header Empty (19)
WSDL File Passive Scanner (17)
Insecure JSF ViewState (8)