| Name | Rule Type | Threshold | Strength |
| --- | --- | --- | --- |
| Session Management Response Identified | Passive | MEDIUM | - |
| Verification Request Identified | Passive | MEDIUM | - |
| Private IP Disclosure | Passive | MEDIUM | - |
| Session ID in URL Rewrite | Passive | MEDIUM | - |
| Script Served From Malicious Domain (polyfill) | Passive | MEDIUM | - |
| Insecure JSF ViewState | Passive | MEDIUM | - |
| Vulnerable JS Library (Powered by Retire.js) | Passive | MEDIUM | - |
| Charset Mismatch | Passive | MEDIUM | - |
| Cookie No HttpOnly Flag | Passive | MEDIUM | - |
| Cookie Without Secure Flag | Passive | MEDIUM | - |
| Re-examine Cache-control Directives | Passive | MEDIUM | - |
| Cross-Domain JavaScript Source File Inclusion | Passive | MEDIUM | - |
| Content-Type Header Missing | Passive | MEDIUM | - |
| Anti-clickjacking Header | Passive | MEDIUM | - |
| X-Content-Type-Options Header Missing | Passive | MEDIUM | - |
| Application Error Disclosure | Passive | MEDIUM | - |
| Information Disclosure - Debug Error Messages | Passive | MEDIUM | - |
| Information Disclosure - Sensitive Information in URL | Passive | MEDIUM | - |
| Information Disclosure - Sensitive Information in HTTP Referrer Header | Passive | MEDIUM | - |
| Information Disclosure - Suspicious Comments | Passive | MEDIUM | - |
| Open Redirect | Passive | MEDIUM | - |
| Cookie Poisoning | Passive | MEDIUM | - |
| User Controllable Charset | Passive | MEDIUM | - |
| WSDL File Detection | Passive | MEDIUM | - |
| User Controllable HTML Element Attribute (Potential XSS) | Passive | MEDIUM | - |
| Loosely Scoped Cookie | Passive | MEDIUM | - |
| Viewstate | Passive | MEDIUM | - |
| Directory Browsing | Passive | MEDIUM | - |
| Heartbleed OpenSSL Vulnerability (Indicative) | Passive | MEDIUM | - |
| Strict-Transport-Security Header | Passive | MEDIUM | - |
| HTTP Server Response Header | Passive | MEDIUM | - |
| Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) | Passive | MEDIUM | - |
| Content Security Policy (CSP) Header Not Set | Passive | MEDIUM | - |
| X-Backend-Server Header Information Leak | Passive | MEDIUM | - |
| Secure Pages Include Mixed Content | Passive | MEDIUM | - |
| HTTP to HTTPS Insecure Transition in Form Post | Passive | MEDIUM | - |
| HTTPS to HTTP Insecure Transition in Form Post | Passive | MEDIUM | - |
| User Controllable JavaScript Event (XSS) | Passive | MEDIUM | - |
| Big Redirect Detected (Potential Sensitive Information Leak) | Passive | MEDIUM | - |
| Retrieved from Cache | Passive | MEDIUM | - |
| X-ChromeLogger-Data (XCOLD) Header Information Leak | Passive | MEDIUM | - |
| Cookie without SameSite Attribute | Passive | MEDIUM | - |
| CSP | Passive | MEDIUM | - |
| X-Debug-Token Information Leak | Passive | MEDIUM | - |
| Username Hash Found | Passive | MEDIUM | - |
| X-AspNet-Version Response Header | Passive | MEDIUM | - |
| PII Disclosure | Passive | MEDIUM | - |
| Script Passive Scan Rules | Passive | MEDIUM | - |
| Stats Passive Scan Rule | Passive | MEDIUM | - |
| Absence of Anti-CSRF Tokens | Passive | MEDIUM | - |
| Timestamp Disclosure | Passive | MEDIUM | - |
| Hash Disclosure | Passive | MEDIUM | - |
| Cross-Domain Misconfiguration | Passive | MEDIUM | - |
| Weak Authentication Method | Passive | MEDIUM | - |
| Reverse Tabnabbing | Passive | MEDIUM | - |
| Modern Web Application | Passive | MEDIUM | - |
| Authentication Request Identified | Passive | MEDIUM | - |