V14 - Config
Lack of Security Headers
POC
Intercept the HTTP response (security headers are sent by the server, so check the response, not the request) and observe that one or more of these headers are missing:
- Strict-Transport-Security (only meaningful on HTTPS responses)
- Content-Security-Policy
- X-Content-Type-Options
- X-Frame-Options (superseded by the CSP frame-ancestors directive, but still worth setting for older browsers)
- Cache-Control for a sensitive page (should include no-store so that neither the browser nor an intermediary keeps a copy)
- Cache-Control for a non-sensitive page
- Content-Security-Policy-Report-Only (reporting only; its absence is informational)
- X-XSS-Protection (deprecated; modern browsers ignore it, and the recommended value where it is set at all is 0)
- Public-Key-Pins (HPKP; deprecated and no longer honoured by major browsers)
- X-Content-Security-Policy and X-Webkit-CSP (obsolete vendor-prefixed names for Content-Security-Policy)
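The check above is easy to do by hand for one page but tedious across a site, so the following added example (not part of the original checklist) parses a raw HTTP response and reports the headers from the list that are missing, applies the sensitive/non-sensitive Cache-Control distinction, and separately flags the deprecated headers when they are present. The response bytes, the recommended values and the function names are all assumptions made for this example.

```python
"""Check an HTTP response for the security headers named in this entry.

Added example, not part of the original checklist. SAMPLE_RESPONSE is a
constructed response, not a capture from any real host.
"""
from typing import Dict, List

# Headers whose absence is a finding, with a conservative value to recommend.
RECOMMENDED: Dict[str, str] = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
}

# Headers from the checklist that browsers no longer honour. Their absence is
# not a finding; their presence is worth a note (HPKP in particular can lock
# users out of a site after a key rotation).
LEGACY = {"X-XSS-Protection", "Public-Key-Pins",
          "X-Content-Security-Policy", "X-Webkit-CSP"}


def parse_response(raw: bytes) -> Dict[str, str]:
    """Parse a raw HTTP/1.x response into a dict keyed by lower-cased header name.

    Repeated headers are joined with ', ' as RFC 9110 allows for list-valued
    fields; that is good enough here because we only test for presence and
    directive membership.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers found")
    status_line, _, header_block = head.partition(b"\r\n")
    if not status_line.startswith(b"HTTP/"):
        raise ValueError("not an HTTP response: %r" % status_line)
    headers: Dict[str, str] = {}
    for line in header_block.decode("latin-1").split("\r\n"):
        if not line:
            continue
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        key = name.strip().lower()
        value = value.strip()
        headers[key] = headers[key] + ", " + value if key in headers else value
    return headers


def missing_headers(headers: Dict[str, str]) -> List[str]:
    """Return the recommended headers that the response does not set."""
    return [h for h in RECOMMENDED if h.lower() not in headers]


def legacy_headers_present(headers: Dict[str, str]) -> List[str]:
    """Return deprecated headers that are set (informational, not a finding)."""
    return sorted(h for h in LEGACY if h.lower() in headers)


def cache_control_weak(headers: Dict[str, str], sensitive: bool) -> bool:
    """True if Cache-Control is inadequate for the page class.

    A sensitive page (authenticated content, personal data) must carry no-store.
    A non-sensitive page is only flagged when the header is missing entirely.
    """
    value = headers.get("cache-control")
    if value is None:
        return True
    if not sensitive:
        return False
    directives = {d.strip().lower() for d in value.split(",")}
    return "no-store" not in directives


def report(raw: bytes, sensitive: bool) -> List[str]:
    """Finding lines for a raw response; an empty list means nothing to report."""
    headers = parse_response(raw)
    lines = ["missing %s (suggest: %s)" % (h, RECOMMENDED[h])
             for h in missing_headers(headers)]
    if cache_control_weak(headers, sensitive):
        lines.append("Cache-Control inadequate for %s page: %s"
                     % ("sensitive" if sensitive else "non-sensitive",
                        headers.get("cache-control", "<absent>")))
    for h in legacy_headers_present(headers):
        lines.append("legacy header present (no browser effect): %s" % h)
    return lines


# Constructed sample: sets X-Frame-Options and a legacy header, but no HSTS,
# CSP or nosniff, and a Cache-Control that does not forbid storing.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Cache-Control: private, max-age=0\r\n"
    b"X-Frame-Options: SAMEORIGIN\r\n"
    b"X-XSS-Protection: 1; mode=block\r\n"
    b"Set-Cookie: session=abc123; HttpOnly; Secure\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
)

if __name__ == "__main__":
    for line in report(SAMPLE_RESPONSE, sensitive=True):
        print(line)
```

Feed it the raw bytes saved from an intercepting proxy or from the response side of a socket; run it once with sensitive=True for authenticated pages and once with sensitive=False for public ones, since a private page that only sets max-age=0 still lets a shared cache keep a copy.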
Impact
Very Low
Likelihood
Very Low