Missing secure browser headers

missing-secure-browser-headers

The app is missing secure HTTP headers that attempt to mitigate XSS, click-jacking, and content-sniffing attacks. Missing Secure HTTP Headers is flagged by this rule when a pipeline accepts “html” requests, but does not implement the :put_secure_browser_headers plug.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-693: Protection Mechanism Failure
OWASP:
- A05:2021 - Security Misconfiguration

Missing csrf protections Fingerprints

⌘I

Start Here

Setup

Pull Request Review

Scan center

Integrations

IDE

CLI

Rule Reference

Resources

Missing secure browser headers