Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Lang
- Phoenix
- Security
- Action-reuse-csrf
- Cross-site-websocket-hijacking
- Hardcoded-secrets
- Hsts-not-enabled
- Https-not-enabled
- Missing-csp
- Missing-csrf-protections
- Missing-secure-browser-headers
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Missing-secure-browser-headers
Missing secure browser headers
The app is missing secure HTTP headers that attempt to mitigate XSS, click-jacking, and content-sniffing attacks. Missing Secure HTTP Headers is flagged by this rule when a pipeline accepts “html” requests, but does not implement the :put_secure_browser_headers
plug.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-693: Protection Mechanism Failure
OWASP:
- A05:2021 - Security Misconfiguration