Browse by OWASP ZAP

X-Content-Type-Options Header Missing (3149744)
X-Frame-Options Header Not Set (2904725)
Timestamp Disclosure - Unix (2508616)
Information Disclosure - Suspicious Comments (2251177)
Cross-Domain JavaScript Source File Inclusion (2056003)
Absence of Anti-CSRF Tokens (1909325)
Incomplete or No Cache-control and Pragma HTTP Header Set (1721081)
Cookie Without SameSite Attribute (1479772)
Cookie No HttpOnly Flag (1210169)
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) (1034649)
Vulnerable JS Library (693985)
Cookie Without Secure Flag (630679)
Charset Mismatch (449775)
CSP: Wildcard Directive (312677)
Cross-Domain Misconfiguration (241197)
Secure Pages Include Mixed Content (222747)
Loosely Scoped Cookie (189716)
WSDL File Detection (187780)
CSP: Notices (182847)
Application Error Disclosure (176529)
Information Disclosure - Sensitive Information in URL (140447)
Information Disclosure - Debug Error Messages (126127)
CSP: style-src unsafe-inline (122279)
CSP: script-src unsafe-inline (109561)
Charset Mismatch (Header Versus Meta Content-Type Charset) (103952)
Content Security Policy (CSP) Header Not Set (94704)
Secure Pages Include Mixed Content (Including Scripts) (88996)
Web Browser XSS Protection Not Enabled (88878)
X-AspNet-Version Response Header (84740)
Content-Type Header Missing (82889)
Modern Web Application (80518)
Missing Anti-clickjacking Header (80391)
Private IP Disclosure (52166)
Viewstate without MAC Signature (Unsure) (50725)
Re-examine Cache-control Directives (43197)
Cookie without SameSite Attribute (40148)
Strict-Transport-Security Header Not Set (38589)
Server Leaks Version Information via "Server" HTTP Response Header Field (25427)
Multiple X-Frame-Options Header Entries (24298)
User Controllable HTML Element Attribute (Potential XSS) (18885)
Retrieved from Cache (16603)
Information Disclosure - Sensitive Information in HTTP Referrer Header (15044)
Charset Mismatch (Header Versus Meta Charset) (14942)
CSP: X-Content-Security-Policy (8434)
Weak Authentication Method (8069)
Cookie with SameSite Attribute None (7830)
X-Frame-Options Setting Malformed (7822)
Charset Mismatch (7393)
CSP: script-src unsafe-eval (5561)
Session ID in URL Rewrite (5441)
PII Disclosure (4852)
Emails Found in the Viewstate (4416)
Content Security Policy (CSP) Report-Only Header Found (3978)
CSP: X-WebKit-CSP (3824)
Potential IP Addresses Found in the Viewstate (3517)
Referer Exposes Session ID (3312)
Strict-Transport-Security Disabled (2176)
Big Redirect Detected (Potential Sensitive Information Leak) (1933)
Cookie Poisoning (1723)
HTTP to HTTPS Insecure Transition in Form Post (1054)
X-Frame-Options Defined via META (Non-compliant with Spec) (650)
Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec) (595)
Old Asp.Net Version in Use (340)
Hash Disclosure - Mac OSX salted SHA-1 (329)
Open Redirect (297)
HTTPS to HTTP Insecure Transition in Form Post (222)
User Controllable JavaScript Event (XSS) (192)
CSP: Header & Meta (187)
X-Debug-Token Information Leak (178)
Split Viewstate in Use (170)
Directory Browsing - Apache 2 (166)
Username Hash Found (117)
Viewstate without MAC Signature (Sure) (74)
Obsolete Content Security Policy (CSP) Header Found (58)
X-Backend-Server Header Information Leak (44)
Insecure JSF ViewState (34)
User Controllable Charset (22)
Strict-Transport-Security Missing Max-Age (Non-compliant with Spec) (7)
Hash Disclosure - MD5 Crypt (6)
Heartbleed OpenSSL Vulnerability (Indicative) (5)
CSP: script-src unsafe-hashes (5)
CSP: style-src unsafe-hashes (5)
Strict-Transport-Security Max-Age Malformed (Non-compliant with Spec) (5)
Reverse Tabnabbing (4)
Cookie with Invalid SameSite Attribute (4)
Directory Browsing - Microsoft IIS (4)
Strict-Transport-Security Defined via META (Non-compliant with Spec) (2)
Hash Disclosure - BCrypt (2)
Strict-Transport-Security Malformed Content (Non-compliant with Spec) (1)
X-ChromeLogger-Data (XCOLD) Header Information Leak (1)
Hash Disclosure - SHA-512 Crypt (1)
HTTP Parameter Override