On Mon, Feb 8, 2021 at 6:24 AM Jason Long <hack3r...@yahoo.com.invalid> wrote:
>
> Hello,
> I scanned my Apache web server and the vulnerabilities below were discovered:
>
> 1- Content Security Policy (CSP) Header Not Set
> 2- HTTP to HTTPS Insecure Transition in Form Post
> 3- Reverse Tabnabbing
> 4- Source Code Disclosure - PHP
> 5- Source Code Disclosure - Perl
> 6- Sub Resource Integrity Attribute Missing
> 7- Absence of Anti-CSRF Tokens
> 8- Cookie No HttpOnly Flag
> 9- Cookie Without SameSite Attribute
> 10- Cross-Domain JavaScript Source File Inclusion
> 11- Incomplete or No Cache-control and Pragma HTTP Header Set
> 12- Insufficient Site Isolation Against Spectre Vulnerability
> 13- Strict-Transport-Security Header Not Set
>
> I'd be thankful if anyone could tell me which parameters and headers must be set and
> enabled in the Apache configuration.

I suggest searching the web for existing explanations/resources. You
will also need to address most of these with an understanding of your
content.
