Missing Security Headers
TaintedPort
Vuln ID: TP-016
Title: Missing Security Headers
Severity: low
Type: Security Misconfiguration
HTTP Method: GET
URL: /*
Parameter: -
Filename: -
Code Location: docker/nginx.conf; backend/api/index.php lines 4-11
Description
The application does not set critical security headers: Strict-Transport-Security (HSTS), X-Content-Type-Options: nosniff, X-Frame-Options.
Proof of Concept
Check response headers on any endpoint.
Remediation
Add HSTS, X-Content-Type-Options: nosniff, X-Frame-Options: DENY headers.
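
The check described under Proof of Concept can be automated. The following is an added example, not code from TaintedPort: it audits a raw HTTP response for the three headers named in this finding and also flags values that are present but ineffective. The sample responses are constructed, and accepting SAMEORIGIN alongside DENY is an assumption of the example.

```python
# Added example: audit a raw HTTP response for the headers named in TP-016.
def _hsts_ok(value):
    # HSTS is only effective with a max-age greater than zero.
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            return arg.isdigit() and int(arg) > 0
    return False

REQUIRED = {
    "strict-transport-security": _hsts_ok,
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    # The finding recommends DENY; SAMEORIGIN is also accepted here (assumption).
    "x-frame-options": lambda v: v.upper() in ("DENY", "SAMEORIGIN"),
}

def parse_headers(raw_response):
    """Map lower-cased header names to their values (repeats are kept)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit_response(raw_response):
    """Return {header: problem} for each required header that is absent or weak."""
    headers = parse_headers(raw_response)
    findings = {}
    for name, is_valid in REQUIRED.items():
        values = headers.get(name)
        if not values:
            findings[name] = "missing"
        elif not all(is_valid(v) for v in values):
            findings[name] = "invalid: " + ", ".join(values)
    return findings

# Constructed sample responses (not captured from the application).
UNHARDENED = "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}"
HARDENED = ("HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
            "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
            "X-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\n\r\n{}")
WEAK = ("HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=0\r\n"
        "X-Content-Type-Options: nosniff\r\nX-Frame-Options: ALLOWALL\r\n\r\n")

if __name__ == "__main__":
    for label, resp in (("unhardened", UNHARDENED), ("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_response(resp) or "ok")
```

Run the audit against error responses as well as successful ones: nginx's `add_header` only applies to a fixed set of success and redirect status codes unless the `always` parameter is given.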