Missing HttpOnly attribute in session cookie
<!-- web.xml (Servlet 3.0+): mark the session cookie HttpOnly so page scripts cannot read it -->
<session-config>
  <cookie-config>
    <http-only>true</http-only>
  </cookie-config>
</session-config>
CHECKS FOR SRI SUPPORT
Not supporting SRI
<script src="https://example.com/example-framework.js"
crossorigin="anonymous"></script>
Supporting SRI
<script src="https://example.com/example-framework.js"
        integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
        crossorigin="anonymous"></script>