# 'humble' (HTTP Headers Analyzer)
# https://github.com/rfc-st/humble/
#
# MIT License
#
# Copyright (c) 2020-2024 Rafa 'Bluesman' Faura ([email protected])
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
Accept-CH: Deprecated Value
Accept-CH: Ignored Header via Unsafe Scheme
Accept-CH-Lifetime: Deprecated Header
Accept-Patch: Potentially Unsafe Header
Access-Control-Allow-Credentials: Incorrect Values
Access-Control-Allow-Methods: Insecure Methods
Access-Control-Allow-Origin: Unsafe Values
Access-Control-Max-Age: Excessive Value
Activate-Storage-Access: Incorrect Values
Activate-Storage-Access: No Valid Directives
Allow: Insecure Methods
Cache-Control: No Valid Directives
Cache-Control: Recommended Values
Clear-Site-Data: Ignored Header via Unsafe Scheme
Clear-Site-Data: No Valid Directives
Content-Digest: No Secure Algorithms
Content-Digest: Unsafe Algorithms
Content-Disposition: Potentially Unsafe Header
Content-DPR: Deprecated Header
Content-Encoding: No Valid Directives
Content-Security-Policy: Deprecated Directives
Content-Security-Policy: Incorrect Values
Content-Security-Policy: Insecure Schemes
Content-Security-Policy: IP detected
Content-Security-Policy: No Valid Directives
Content-Security-Policy: Too Permissive Sources
Content-Security-Policy: Unsafe Directive
Content-Security-Policy: Unsafe Funcionality
Content-Security-Policy: Unsafe Nonce
Content-Security-Policy: Unsafe Values
Content-Security-Policy-Report-Only: Deprecated Directives
Content-Type: Deprecated Values
Content-Type: Incorrect Value - Response body
Content-Type: Non-HTML MIME type
Content-Type: Unsafe Value
Critical-CH: Ignored Header via Unsafe Scheme
Cross-Origin-Embedder-Policy: No Valid Directives
Cross-Origin-Opener-Policy: No Valid Directives
Cross-Origin-Resource-Policy: No Valid Directives
Digest: Deprecated Header
Document-Policy: No Valid Directives
Etag: Potentially Unsafe Header
Expect-CT: Deprecated Header
Expires: Ignored Header
Feature-Policy: Deprecated Header
HTTP: Domain Via Unsafe Scheme
Keep-Alive: Ignored Header
Large-Allocation: Deprecated Header
NEL: Missing Directives
NEL: No Valid Directives
No-Vary-Search: No Valid Directives
Observe-Browsing-Topics: No Valid Directives
Onion-Location: Potentially Unsafe Header
Origin-Agent-Cluster: No Valid Directives
P3P: Deprecated Header
Permissions-Policy: Deprecated Features
Permissions-Policy: Incorrect Values
Permissions-Policy: No Valid Features
Permissions-Policy: Too Permissive Value
Pragma: Deprecated Header
Proxy-Authenticate: No Valid Directives
Proxy-Authenticate: Unsafe Value
Public-Key-Pins: Deprecated Header
Public-Key-Pins-Report-Only: Deprecated Header
Referrer-Policy: Incorrect Value
Referrer-Policy: Recommended Values
Referrer-Policy: Unsafe Value
Report-To: Deprecated Header
Reporting-Endpoints: Ignored Value
Repr-Digest: No Secure Algorithms
Repr-Digest: Unsafe Algorithms
Server-Timing: Potentially Unsafe Header
Set-Cookie: Cookie Prefixes
Set-Cookie: Insecure Attributes
Set-Cookie: Insecure Schemes
Set-Cookie: Missing Attribute
Set-Login: No Valid Directives
SourceMap: Unsafe Funcionality
Speculation-Rules: Potentially Unsafe Header
Strict-Dynamic: Incorrect Header
Strict-Transport-Security: Duplicated Values
Strict-Transport-Security: Ignored Header via Unsafe Scheme
Strict-Transport-Security: Recommended Values
Strict-Transport-Security: Required Values
Supports-Loading-Mode: Ignored Header via Unsafe Scheme
Supports-Loading-Mode: No Valid Directives
Surrogate-Control: No Valid Directives
Timing-Allow-Origin: Potentially Unsafe Header
Tk: Deprecated Header
Trailer: Disallowed Directives
Transfer-Encoding: No Valid Directives
Vary: Potentially Unsafe Header
Warning: Deprecated Header
Want-Digest: Deprecated Header
WWW-Authenticate: Unsafe Value
X-Content-Security-Policy: Deprecated Header
X-Content-Security-Policy-Report-Only: Deprecated Header
X-Content-Type-Options: Duplicated Values
X-Content-Type-Options: Incorrect Value
X-DNS-Prefetch-Control: Potentially Unsafe Header
X-Download-Options: Deprecated Header
X-Frame-Options: Deprecated Values
X-Frame-Options: Duplicated Values
X-Frame-Options: Incorrect Values
X-Pad: Deprecated Header
X-Permitted-Cross-Domain-Policies: Duplicated Values
X-Permitted-Cross-Domain-Policies: No Valid Directives
X-Permitted-Cross-Domain-Policies: Unsafe Value
X-Pingback: Unsafe Value
X-Robots-Tag: Unsafe Value
X-Robots-Tag: No Valid Directives
X-Runtime: Unsafe Value
X-SourceMap: Deprecated Header
X-UA-Compatible: Deprecated Header
X-UA-Compatible: Incorrect Value - Response body
X-Webkit-CSP: Deprecated Header
X-Webkit-CSP-Report-Only: Deprecated Header
X-XSS-Protection: Deprecated Header
X-XSS-Protection: Duplicated Values
X-XSS-Protection: Unsafe Value