You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/security-center/security-insights/index.mdx
+4Lines changed: 4 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,6 +28,9 @@ Listed below are the specific insights currently available:
28
28
|[Domains without HSTS](/ssl/edge-certificates/additional-options/http-strict-transport-security/)| HTTP Strict Transport Security (`HSTS`), is a header which allows a website to specify and enforce security policy in client web browsers. This policy enforcement protects secure websites from downgrade attacks SSL stripping and cookie hijacking. |
29
29
|[Exposed RDP Servers](/cloudflare-one/connections/connect-networks/use-cases/rdp/)| We detect an RDP server that is exposed to the public Internet. |
30
30
|[Get notified of malicious client-side scripts](/page-shield/detection/configure-alerts/)| We detect that Page Shield alerts are not configured. You will not receive notifications when we detect potential malicious scripts executing in your client-side environment. |
31
+
|[Increased body response size detected on API endpoints](/api-shield/management-and-monitoring/endpoint-labels/)| Investigate changes, abuse, or successful attacks that may have led to this increase in response body size. |
32
+
|[Increased errors detected on API endpoints](/api-shield/management-and-monitoring/endpoint-labels/)| Investigate changes, abuse, or successful attacks that may have led to this increase in errors. |
33
+
|[Increased latency detected on API endpoints](/api-shield/management-and-monitoring/endpoint-labels/)| Investigate changes, abuse, or successful attacks that may have led to this increase in response latency. |
31
34
|[Managed Rules not deployed](/waf/managed-rules/reference/cloudflare-managed-ruleset/)| No managed rules deployed on a WAF protected domain. |
32
35
|[Migrate to new Managed Rules](/waf/reference/migration-guides/waf-managed-rules-migration/)| Migration to new Managed Rules system required for optimal protection. |
33
36
|[Mixed-authentication API endpoints detected](/api-shield/management-and-monitoring/endpoint-labels/#managed-labels)| Not all of the successful requests against API endpoints carried session identifiers. |
@@ -36,6 +39,7 @@ Listed below are the specific insights currently available:
36
39
|[Overprovisioned Access Policies](/cloudflare-one/policies/access/)| We detect an Access policy to allow everyone access to your application. |
|[SPF Record Errors](/dns/manage-dns-records/reference/dns-record-types/#spf)| We detect an incorrect or missing `SPF` record. |
42
+
|[Schema Validation missing from eligible API endpoints](/api-shield/security/schema-validation/)| Apply the learned schema to protect your API against fuzzing attacks. |
39
43
|[Sensitive data in API response](/api-shield/management-and-monitoring/#sensitive-data-detection)| Sensitive data in API responses detected. |
40
44
|[Turn on JavaScript Detection](/bots/reference/javascript-detections/)| One or more of your Bot Management enabled zones does not have JavaScript Detection enabled, which is a critical part of our bot detection suite. |
41
45
|[Unassigned Access seats](/cloudflare-one/)| We detect a Zero Trust subscription that is not configured yet. |
0 commit comments