ZAP Full Scan Report

- Site: [https://qa.mavistesting.com](https://qa.mavistesting.com) 
 	 **New Alerts** 
	- **Content Security Policy (CSP) Header Not Set** [10038] total: 4:  
		- [https://qa.mavistesting.com/accessibility-statement](https://qa.mavistesting.com/accessibility-statement) 
		- [https://qa.mavistesting.com/start](https://qa.mavistesting.com/start) 
		- [https://qa.mavistesting.com/users/sign-in](https://qa.mavistesting.com/users/sign-in) 
		- [https://qa.mavistesting.com/users/sign-in](https://qa.mavistesting.com/users/sign-in) 
	- **Proxy Disclosure** [40025] total: 20:  
		- [https://qa.mavistesting.com](https://qa.mavistesting.com) 
		- [https://qa.mavistesting.com/](https://qa.mavistesting.com/) 
		- [https://qa.mavistesting.com/accessibility-statement](https://qa.mavistesting.com/accessibility-statement) 
		- [https://qa.mavistesting.com/assets](https://qa.mavistesting.com/assets) 
		- [https://qa.mavistesting.com/assets/application](https://qa.mavistesting.com/assets/application) 
		- .. 
	- **Application Error Disclosure** [90022] total: 1:  
		- [https://qa.mavistesting.com/sitemap.xml](https://qa.mavistesting.com/sitemap.xml) 
	- **Cookie Slack Detector** [90027] total: 11:  
		- [https://qa.mavistesting.com/assets](https://qa.mavistesting.com/assets) 
		- [https://qa.mavistesting.com/assets/application](https://qa.mavistesting.com/assets/application) 
		- [https://qa.mavistesting.com/assets/application-6aabb0a3.css](https://qa.mavistesting.com/assets/application-6aabb0a3.css) 
		- [https://qa.mavistesting.com/assets/application-d784cb1e.js](https://qa.mavistesting.com/assets/application-d784cb1e.js) 
		- [https://qa.mavistesting.com/assets/application/icon-180-b102637e.png](https://qa.mavistesting.com/assets/application/icon-180-b102637e.png) 
		- .. 
	- **Cookie without SameSite Attribute** [10054] total: 6:  
		- [https://qa.mavistesting.com/accessibility-statement](https://qa.mavistesting.com/accessibility-statement) 
		- [https://qa.mavistesting.com/dashboard](https://qa.mavistesting.com/dashboard) 
		- [https://qa.mavistesting.com/manifest/application-c6c1c9a9.json](https://qa.mavistesting.com/manifest/application-c6c1c9a9.json) 
		- [https://qa.mavistesting.com/start](https://qa.mavistesting.com/start) 
		- [https://qa.mavistesting.com/users/sign-in](https://qa.mavistesting.com/users/sign-in) 
		- .. 
	- **Information Disclosure - Debug Error Messages** [10023] total: 1:  
		- [https://qa.mavistesting.com/sitemap.xml](https://qa.mavistesting.com/sitemap.xml) 
	- **Insufficient Site Isolation Against Spectre Vulnerability** [90004] total: 9:  
		- [https://qa.mavistesting.com/assets/application/icon-180-b102637e.png](https://qa.mavistesting.com/assets/application/icon-180-b102637e.png) 
		- [https://qa.mavistesting.com/assets/favicon-2be3abc8.svg](https://qa.mavistesting.com/assets/favicon-2be3abc8.svg) 
		- [https://qa.mavistesting.com/assets/favicon-65dc20c7.ico](https://qa.mavistesting.com/assets/favicon-65dc20c7.ico) 
		- [https://qa.mavistesting.com/assets/icon-mask-aa290807.svg](https://qa.mavistesting.com/assets/icon-mask-aa290807.svg) 
		- [https://qa.mavistesting.com/manifest/application-c6c1c9a9.json](https://qa.mavistesting.com/manifest/application-c6c1c9a9.json) 
		- .. 
	- **Permissions Policy Header Not Set** [10063] total: 5:  
		- [https://qa.mavistesting.com/accessibility-statement](https://qa.mavistesting.com/accessibility-statement) 
		- [https://qa.mavistesting.com/assets/application-d784cb1e.js](https://qa.mavistesting.com/assets/application-d784cb1e.js) 
		- [https://qa.mavistesting.com/start](https://qa.mavistesting.com/start) 
		- [https://qa.mavistesting.com/users/sign-in](https://qa.mavistesting.com/users/sign-in) 
		- [https://qa.mavistesting.com/users/sign-in](https://qa.mavistesting.com/users/sign-in) 
	- **Timestamp Disclosure - Unix** [10096] total: 1:  
		- [https://qa.mavistesting.com/assets/application-6aabb0a3.css](https://qa.mavistesting.com/assets/application-6aabb0a3.css) 
	- **X-Content-Type-Options Header Missing** [10021] total: 7:  
		- [https://qa.mavistesting.com/assets/application-6aabb0a3.css](https://qa.mavistesting.com/assets/application-6aabb0a3.css) 
		- [https://qa.mavistesting.com/assets/application-d784cb1e.js](https://qa.mavistesting.com/assets/application-d784cb1e.js) 
		- [https://qa.mavistesting.com/assets/application/icon-180-b102637e.png](https://qa.mavistesting.com/assets/application/icon-180-b102637e.png) 
		- [https://qa.mavistesting.com/assets/favicon-2be3abc8.svg](https://qa.mavistesting.com/assets/favicon-2be3abc8.svg) 
		- [https://qa.mavistesting.com/assets/favicon-65dc20c7.ico](https://qa.mavistesting.com/assets/favicon-65dc20c7.ico) 
		- .. 
	- **Authentication Request Identified** [10111] total: 1:  
		- [https://qa.mavistesting.com/users/sign-in](https://qa.mavistesting.com/users/sign-in) 
	- **Cookie Slack Detector** [90027] total: 4:  
		- [https://qa.mavistesting.com/accessibility-statement](https://qa.mavistesting.com/accessibility-statement) 
		- [https://qa.mavistesting.com/manifest](https://qa.mavistesting.com/manifest) 
		- [https://qa.mavistesting.com/start](https://qa.mavistesting.com/start) 
		- [https://qa.mavistesting.com/users/sign-in](https://qa.mavistesting.com/users/sign-in) 
	- **Information Disclosure - Suspicious Comments** [10027] total: 1:  
		- [https://qa.mavistesting.com/assets/application-d784cb1e.js](https://qa.mavistesting.com/assets/application-d784cb1e.js) 
	- **Non-Storable Content** [10049] total: 5:  
		- [https://qa.mavistesting.com/](https://qa.mavistesting.com/) 
		- [https://qa.mavistesting.com/dashboard](https://qa.mavistesting.com/dashboard) 
		- [https://qa.mavistesting.com/manifest/application-c6c1c9a9.json](https://qa.mavistesting.com/manifest/application-c6c1c9a9.json) 
		- [https://qa.mavistesting.com/sitemap.xml](https://qa.mavistesting.com/sitemap.xml) 
		- [https://qa.mavistesting.com/start](https://qa.mavistesting.com/start) 
	- **Re-examine Cache-control Directives** [10015] total: 5:  
		- [https://qa.mavistesting.com/accessibility-statement](https://qa.mavistesting.com/accessibility-statement) 
		- [https://qa.mavistesting.com/manifest/application-c6c1c9a9.json](https://qa.mavistesting.com/manifest/application-c6c1c9a9.json) 
		- [https://qa.mavistesting.com/robots.txt](https://qa.mavistesting.com/robots.txt) 
		- [https://qa.mavistesting.com/start](https://qa.mavistesting.com/start) 
		- [https://qa.mavistesting.com/users/sign-in](https://qa.mavistesting.com/users/sign-in) 
	- **Session Management Response Identified** [10112] total: 6:  
		- [https://qa.mavistesting.com/accessibility-statement](https://qa.mavistesting.com/accessibility-statement) 
		- [https://qa.mavistesting.com/dashboard](https://qa.mavistesting.com/dashboard) 
		- [https://qa.mavistesting.com/manifest/application-c6c1c9a9.json](https://qa.mavistesting.com/manifest/application-c6c1c9a9.json) 
		- [https://qa.mavistesting.com/start](https://qa.mavistesting.com/start) 
		- [https://qa.mavistesting.com/users/sign-in](https://qa.mavistesting.com/users/sign-in) 
		- .. 
	- **Storable and Cacheable Content** [10049] total: 5:  
		- [https://qa.mavistesting.com/assets/application/icon-180-b102637e.png](https://qa.mavistesting.com/assets/application/icon-180-b102637e.png) 
		- [https://qa.mavistesting.com/assets/favicon-2be3abc8.svg](https://qa.mavistesting.com/assets/favicon-2be3abc8.svg) 
		- [https://qa.mavistesting.com/assets/favicon-65dc20c7.ico](https://qa.mavistesting.com/assets/favicon-65dc20c7.ico) 
		- [https://qa.mavistesting.com/assets/icon-mask-aa290807.svg](https://qa.mavistesting.com/assets/icon-mask-aa290807.svg) 
		- [https://qa.mavistesting.com/robots.txt](https://qa.mavistesting.com/robots.txt) 
	- **User Agent Fuzzer** [10104] total: 132:  
		- [https://qa.mavistesting.com](https://qa.mavistesting.com) 
		- [https://qa.mavistesting.com](https://qa.mavistesting.com) 
		- [https://qa.mavistesting.com](https://qa.mavistesting.com) 
		- [https://qa.mavistesting.com](https://qa.mavistesting.com) 
		- [https://qa.mavistesting.com](https://qa.mavistesting.com) 
		- .. 



View the [following link](https://github.com/NHSDigital/manage-vaccinations-in-schools-testing/actions/runs/17947727963) to download the report.
RunnerID:17947727963

---
[ZAP by Checkmarx](https://checkmarx.com/)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ZAP Full Scan Report #639

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

ZAP Full Scan Report #639

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions