unescaped-data-in-htmlattr
formatted-template-string
avoid-bind-to-all-interfaces
wip-xss-using-responsewriter-and-printf
cookie-missing-httponly
cookie-missing-secure
unescaped-data-in-url
pprof-debug-exposure
import "net/http/pprof"
. See https://www.farsightsecurity.com/blog/txt-record/go-remote-profiling-20161028/ for more information and mitigation.use-tls
fs-directory-listing
dynamic-httptrace-clienttrace
unescaped-data-in-js