ZAP Scan Baseline Report #2902
Description
- Site: https://vcptcore-dev.govirto.com
New Alerts- CSP: Wildcard Directive [10055] total: 2:
- CSP: script-src unsafe-inline [10055] total: 2:
- CSP: style-src unsafe-inline [10055] total: 2:
- Sub Resource Integrity Attribute Missing [90003] total: 3:
- Cookie without SameSite Attribute [10054] total: 3:
- Cross-Domain JavaScript Source File Inclusion [10017] total: 3:
- Dangerous JS Functions [10110] total: 4:
- https://vcptcore-dev.govirto.com/dist/app.js?v=NjNuhMsrOuREVD4JrlxIP6CuIWMuxzAZerR9I129NcI
- https://vcptcore-dev.govirto.com/dist/vendor.js?v=2rqg0mIyDrr5-feZwarmvqbPrlFlbE_-fP5jD0YgbfY
- https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.CustomerExportImport)/dist/app.js?v=gzYt_guNfhhv9Gp-fOebQZJsh9V73cPZ5zQUdH5iRcA
- https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.Notifications)/dist/app.js?v=nGsnQptMzMJFMmrXJdCYjOkVTx3OsgA8eAELF0JqK14
- Insufficient Site Isolation Against Spectre Vulnerability [90004] total: 11:
- https://vcptcore-dev.govirto.com
- https://vcptcore-dev.govirto.com/
- https://vcptcore-dev.govirto.com/favicon.ico
- https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.Catalog)/dist/style.css?v=uIjW72ycY9DvZUXzNVVbvSt7cIlSjLGGuwsc-WE0CR8
- https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.Content)/dist/style.css?v=W-ZSCF_AdUts-t2_DjAEWtDegp-FsKjC4ncgpOuB07Y
- ..
- Permissions Policy Header Not Set [10063] total: 11:
- https://vcptcore-dev.govirto.com
- https://vcptcore-dev.govirto.com/
- https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.Assets)/dist/app.js?v=CUBQus5NuARE0JP9znNYzikAV0QOTQ4YnR6yXdr2o5w
- https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.Core)/dist/app.js?v=9XQKZKbGD78S8ejeAPFH1b3z2jCDnf8i-3VTrTEoC9Q
- https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.Customer)/dist/app.js?v=bVsf7O8ficYGZEKBiTedVbf2Dc0Sy-H5q6JKGngXgAY
- ..
- Strict-Transport-Security Header Not Set [10035] total: 1:
- Timestamp Disclosure - Unix [10096] total: 1:
- Base64 Disclosure [10094] total: 12:
- https://vcptcore-dev.govirto.com
- https://vcptcore-dev.govirto.com
- https://vcptcore-dev.govirto.com/
- https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.Catalog)/dist/style.css?v=uIjW72ycY9DvZUXzNVVbvSt7cIlSjLGGuwsc-WE0CR8
- https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.Content)/dist/style.css?v=W-ZSCF_AdUts-t2_DjAEWtDegp-FsKjC4ncgpOuB07Y
- ..
- Information Disclosure - Suspicious Comments [10027] total: 5:
- https://vcptcore-dev.govirto.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
- https://vcptcore-dev.govirto.com/dist/app.js?v=NjNuhMsrOuREVD4JrlxIP6CuIWMuxzAZerR9I129NcI
- https://vcptcore-dev.govirto.com/dist/vendor.js?v=2rqg0mIyDrr5-feZwarmvqbPrlFlbE_-fP5jD0YgbfY
- https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.Catalog)/dist/app.js?v=Bhn2CLwPHqF-p3FllNPYYtuxPvfcbBMo0Ot211pJ88o
- https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.CustomerExportImport)/dist/app.js?v=gzYt_guNfhhv9Gp-fOebQZJsh9V73cPZ5zQUdH5iRcA
- Modern Web Application [10109] total: 2:
- Re-examine Cache-control Directives [10015] total: 3:
- Sec-Fetch-Dest Header is Missing [90005] total: 4:
- Sec-Fetch-Mode Header is Missing [90005] total: 4:
- Sec-Fetch-Site Header is Missing [90005] total: 4:
- Sec-Fetch-User Header is Missing [90005] total: 4:
- Session Management Response Identified [10112] total: 4:
- Storable and Cacheable Content [10049] total: 11:
- https://vcptcore-dev.govirto.com
- https://vcptcore-dev.govirto.com/
- https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.Catalog)/dist/style.css?v=uIjW72ycY9DvZUXzNVVbvSt7cIlSjLGGuwsc-WE0CR8
- https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.Content)/dist/style.css?v=W-ZSCF_AdUts-t2_DjAEWtDegp-FsKjC4ncgpOuB07Y
- https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.Core)/dist/style.css?v=JxV59GTG-OlnR0vCng7qmL0bUL_hI5YdQOSjYMpqEsw
- ..
View the following link to download the report.
RunnerID:13927901613