Hello, I scanned my Apache web server and below Vulnerabilities discovered:
1- Content Security Policy (CSP) Header Not Set 2- HTTP to HTTPS Insecure Transition in Form Post 3- Reverse Tabnabbing 4- Source Code Disclosure - PHP 5- Source Code Disclosure - Perl 6- Sub Resource Integrity Attribute Missing 7- Absence of Anti-CSRF Tokens 8- Cookie No HttpOnly Flag 9- Cookie Without SameSite Attribute 10- Cross-Domain JavaScript Source File Inclusion 11- Incomplete or No Cache-control and Pragma HTTP Header Set 12- Insufficient Site Isolation Against Spectre Vulnerability 13- Strict-Transport-Security Header Not Set I'm thankful if anyone tell me which parameters and headers must be set and enable in the Apache configuration. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
