Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V14 - Config

Lack of Security Headers

POC

Intercept the HTTP request and observe that one or more of these headers are missing from the response:

- X-Frame-Options
- Cache-Control for a non-sensitive page
- X-XSS-Protection
- Strict-Transport-Security
- X-Content-Type-Options
- Content-Security-Policy
- Public-Key-Pins
- X-Content-Security-Policy
- X-Webkit-CSP
- Content-Security-Policy-Report-Only
- Cache-Control for a sensitive page
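Added example (not from the Cobalt wiki): a small Python checker that takes an intercepted raw HTTP response and reports which of the headers above are missing, which are present but carry weak values, and which legacy headers (X-XSS-Protection, Public-Key-Pins and the vendor-prefixed CSP variants, all no longer honoured by current browsers) are still being sent; the sample response is constructed.

```python
import re

# Headers from the finding that current browsers still honour; these are
# reported when absent. The legacy set is only reported when present.
CURRENT = ["Strict-Transport-Security", "Content-Security-Policy",
           "X-Content-Type-Options", "X-Frame-Options", "Cache-Control"]
LEGACY = ["X-XSS-Protection", "Public-Key-Pins",
          "X-Content-Security-Policy", "X-Webkit-CSP"]

def parse_headers(raw):
    """Turn a raw HTTP response (status line + headers + body) into a lower-cased dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_headers(raw, sensitive=False):
    """Return missing headers, weak values and legacy headers for one response."""
    h = parse_headers(raw)
    missing = [n for n in CURRENT if n.lower() not in h]
    weak = []
    hsts = h.get("strict-transport-security", "")
    m = re.search(r"max-age=(\d+)", hsts, re.I)
    if hsts and (not m or int(m.group(1)) < 31536000):   # one year minimum
        weak.append("Strict-Transport-Security: max-age below one year")
    xcto = h.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        weak.append("X-Content-Type-Options: expected nosniff")
    xfo = h.get("x-frame-options")
    if xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        weak.append("X-Frame-Options: expected DENY or SAMEORIGIN")
    cc = h.get("cache-control", "").lower()
    if sensitive and cc and "no-store" not in cc:      # sensitive page must not be cached
        weak.append("Cache-Control: sensitive page should be no-store")
    legacy = [n for n in LEGACY if n.lower() in h]
    return {"missing": missing, "weak": weak, "legacy_present": legacy}

# Constructed sample response for a sensitive page (not captured from any real host).
SAMPLE = ("HTTP/1.1 200 OK\r\n"
          "Content-Type: text/html\r\n"
          "Strict-Transport-Security: max-age=300\r\n"
          "X-Frame-Options: ALLOWALL\r\n"
          "Cache-Control: public, max-age=3600\r\n"
          "X-XSS-Protection: 1; mode=block\r\n"
          "\r\n<html></html>")
```

Calling `audit_headers(SAMPLE, sensitive=True)` flags Content-Security-Policy and X-Content-Type-Options as missing, all three present values as weak, and X-XSS-Protection as a legacy header.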

Impact

Very Low

Likelihood

Very Low