ZAP Scan Baseline Report

[github-actions]

• Site: https://cdnjs.cloudflare.com

• Site: https://preview.owasp-juice.shop
  New Alerts

  • Missing Anti-clickjacking Header [10020] total: 12:
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PCIBkqt&sid=Nf3vhnX9DLURjb2DAAmg
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PCIBllS&sid=6105PxIrKbayzZWjAAml
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PCIBmcc&sid=smExjnaIlvxDuiX3AAmq
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PCIBnaC&sid=X8TL4dPycbIJhf7FAAmv
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PCIBpAm&sid=ndNta8EIM6GUo6B2AAm2
    • ..
  • Session ID in URL Rewrite [3] total: 12:
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PCIBkqu&sid=Nf3vhnX9DLURjb2DAAmg
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PCIBllT&sid=6105PxIrKbayzZWjAAml
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PCIBmcd&sid=smExjnaIlvxDuiX3AAmq
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PCIBnaD&sid=X8TL4dPycbIJhf7FAAmv
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=websocket&sid=6105PxIrKbayzZWjAAml
    • ..
  • Private IP Disclosure [2] total: 1:
    • https://preview.owasp-juice.shop/rest/admin/application-configuration
  • X-Content-Type-Options Header Missing [10021] total: 12:
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PCIBko6
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PCIBkqu&sid=Nf3vhnX9DLURjb2DAAmg
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PCIBlik
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PCIBllT&sid=6105PxIrKbayzZWjAAml
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PCIBmcd&sid=smExjnaIlvxDuiX3AAmq
    • ..

  Ignored Alerts

  • Content Security Policy (CSP) Header Not Set [10038] total: 8:
  • Cross-Domain Misconfiguration [10098] total: 10:
  • Cross-Domain JavaScript Source File Inclusion [10017] total: 6:
  • Dangerous JS Functions [10110] total: 2:
  • Deprecated Feature Policy Header Set [10063] total: 7:
  • Permissions Policy Header Not Set [10063] total: 1:
  • Strict-Transport-Security Header Not Set [10035] total: 11:
  • Timestamp Disclosure - Unix [10096] total: 11:
  • Base64 Disclosure [10094] total: 13:
  • Information Disclosure - Suspicious Comments [10027] total: 2:
  • Modern Web Application [10109] total: 3:
  • Non-Storable Content [10049] total: 1:
  • Re-examine Cache-control Directives [10015] total: 10:
  • Sec-Fetch-Dest Header is Missing [90005] total: 3:
  • Sec-Fetch-Mode Header is Missing [90005] total: 3:
  • Sec-Fetch-Site Header is Missing [90005] total: 3:
  • Sec-Fetch-User Header is Missing [90005] total: 3:
  • Storable and Cacheable Content [10049] total: 1:
  • Storable but Non-Cacheable Content [10049] total: 9:

View the following link to download the report.
RunnerID:11758500564

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. 📆 It will be closed automatically in one week if no further activity occurs.

[github-actions]

• Site: https://cdnjs.cloudflare.com

• Site: https://preview.owasp-juice.shop
  New Alerts

  • Missing Anti-clickjacking Header [10020] total: 12:
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PD-LqcR&sid=3jkzMJDDGWZQAZkiAAp1
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PD-LrWW&sid=rXl6bhoapGFiZwc5AAp9
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PD-LsPV&sid=Fwr0pw6eA1rs6YdmAAqD
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PD-Lth3&sid=y0jKn9KLZZPfshHiAAqL
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PD-Luy0&sid=oLANQvvgk4sUN53IAAqT
    • ..
  • Session ID in URL Rewrite [3] total: 12:
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PD-LqcS&sid=3jkzMJDDGWZQAZkiAAp1
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PD-LrWX&sid=rXl6bhoapGFiZwc5AAp9
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PD-LsPZ&sid=Fwr0pw6eA1rs6YdmAAqD
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PD-LthD&sid=y0jKn9KLZZPfshHiAAqL
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=websocket&sid=3jkzMJDDGWZQAZkiAAp1
    • ..
  • Private IP Disclosure [2] total: 1:
    • https://preview.owasp-juice.shop/rest/admin/application-configuration
  • X-Content-Type-Options Header Missing [10021] total: 12:
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PD-LqcS&sid=3jkzMJDDGWZQAZkiAAp1
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PD-LqZs
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PD-LrTM
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PD-LrWX&sid=rXl6bhoapGFiZwc5AAp9
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PD-LsK2
    • ..

  Ignored Alerts

  • Content Security Policy (CSP) Header Not Set [10038] total: 8:
  • Cross-Domain Misconfiguration [10098] total: 10:
  • Cross-Domain JavaScript Source File Inclusion [10017] total: 6:
  • Dangerous JS Functions [10110] total: 2:
  • Deprecated Feature Policy Header Set [10063] total: 7:
  • Permissions Policy Header Not Set [10063] total: 1:
  • Strict-Transport-Security Header Not Set [10035] total: 10:
  • Timestamp Disclosure - Unix [10096] total: 10:
  • Base64 Disclosure [10094] total: 11:
  • Information Disclosure - Suspicious Comments [10027] total: 2:
  • Modern Web Application [10109] total: 3:
  • Non-Storable Content [10049] total: 1:
  • Re-examine Cache-control Directives [10015] total: 10:
  • Sec-Fetch-Dest Header is Missing [90005] total: 2:
  • Sec-Fetch-Mode Header is Missing [90005] total: 2:
  • Sec-Fetch-Site Header is Missing [90005] total: 2:
  • Sec-Fetch-User Header is Missing [90005] total: 2:
  • Storable and Cacheable Content [10049] total: 1:
  • Storable but Non-Cacheable Content [10049] total: 8:

View the following link to download the report.
RunnerID:12098605840

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. 📆 It will be closed automatically in one week if no further activity occurs.

[github-actions]

• Site: https://cdnjs.cloudflare.com

• Site: https://cdnjs.cloudflare.com

• Site: https://preview.owasp-juice.shop
  New Alerts

  • Missing Anti-clickjacking Header [10020] total: 12:
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PFgUnZI&sid=gAed3l1WDsE85uzNAAmf
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PFgUoH_&sid=gAed3l1WDsE85uzNAAmf
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PFgUoWL&sid=y1dA6T7HZ-f10fW4AAms
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PFgUpQL&sid=k_ZB6u9UiEbTtvlIAAm2
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PFgUqa0&sid=eNqN6om5gleH1NVVAAnJ
    • ..
  • Session ID in URL Rewrite [3] total: 12:
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PFgUnjj&sid=gAed3l1WDsE85uzNAAmf
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PFgUnZJ&sid=gAed3l1WDsE85uzNAAmf
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PFgUoWQ&sid=y1dA6T7HZ-f10fW4AAms
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PFgUpQQ&sid=k_ZB6u9UiEbTtvlIAAm2
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=websocket&sid=gAed3l1WDsE85uzNAAmf
    • ..
  • Private IP Disclosure [2] total: 1:
    • https://preview.owasp-juice.shop/rest/admin/application-configuration
  • X-Content-Type-Options Header Missing [10021] total: 12:
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PFgUnjj&sid=gAed3l1WDsE85uzNAAmf
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PFgUnVc
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PFgUnZJ&sid=gAed3l1WDsE85uzNAAmf
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PFgUoSO
    • https://preview.owasp-juice.shop/socket.io/?EIO=4&transport=polling&t=PFgUoWQ&sid=y1dA6T7HZ-f10fW4AAms
    • ..

  Ignored Alerts

  • Content Security Policy (CSP) Header Not Set [10038] total: 9:
  • Cross-Domain Misconfiguration [10098] total: 10:
  • Cross-Domain JavaScript Source File Inclusion [10017] total: 6:
  • Dangerous JS Functions [10110] total: 2:
  • Deprecated Feature Policy Header Set [10063] total: 7:
  • Permissions Policy Header Not Set [10063] total: 1:
  • Strict-Transport-Security Header Not Set [10035] total: 11:
  • Timestamp Disclosure - Unix [10096] total: 10:
  • Base64 Disclosure [10094] total: 11:
  • Information Disclosure - Suspicious Comments [10027] total: 2:
  • Modern Web Application [10109] total: 3:
  • Non-Storable Content [10049] total: 1:
  • Re-examine Cache-control Directives [10015] total: 8:
  • Sec-Fetch-Dest Header is Missing [90005] total: 3:
  • Sec-Fetch-Mode Header is Missing [90005] total: 3:
  • Sec-Fetch-Site Header is Missing [90005] total: 3:
  • Sec-Fetch-User Header is Missing [90005] total: 3:
  • Storable and Cacheable Content [10049] total: 1:
  • Storable but Non-Cacheable Content [10049] total: 9:

View the following link to download the report.
RunnerID:12447511854