- Type: New Feature
- Status: Done
- Priority: Highest
- Resolution: Done
- Labels:
Insecure cookie setting: missing Secure flag
Recommendation
A cookie that contains sensitive information or a session token should always be sent over an encrypted channel. Ensure the Secure flag is set on such cookies so that the browser only transmits them over HTTPS.
-----------
Missing security header: Content-Security-Policy
Recommendation
Configure the Content-Security-Policy header to be sent with each HTTP response, defining the specific policies the application requires.
----------------
Missing security header: Referrer-Policy
Recommendation
The Referrer-Policy header should be configured on the server side to avoid user tracking and inadvertent information leakage. The value `no-referrer` of this header instructs the browser to omit the Referer header entirely.
-------------------
Server software and technology found
Security.txt file is missing
Missing: https://testsfs.turkiyeshell.com/.well-known/security.txt
Recommendation
We recommend implementing a security.txt file according to the standard, so that researchers and users can report any security issues they find, improving the defensive posture of your server.