ACA WebSite Security Analysis - Coggle Diagram
ACA WebSite Security Analysis
Use of JavaScript Library with Known Vulnerability
Bootstrap 3.3.7
jQuery 1.12.4
XSS via 3rd party
parseHTML() executes scripts in event handlers
Mishandling of jQuery.extend leads to backdoor
Improper regex use leads to XSS
Passing HTML from untrusted sources
Modernizr 2.8.3
SSL/TLS
SSL Certificate - Information
TLS Secure Renegotiation Extension Support Information
SSL Session Caching Information
SSL Server Information Retrieval
SSL/TLS invalid protocol version tolerance
SSL/TLS Key Exchange Methods
SSL/TLS Protocol Properties
SSL Certificate Transparency Information
Misconfiguration
HTTP Header configuration
Missing header: X-Frame-Options
Missing header: X-Content-Type-Options
Missing header: X-XSS-Protection
Missing header: Referrer-Policy
Missing header: Feature-Policy
HTTP Strict Transport Security (HSTS) header missing or misconfigured
X-Frame-Options header is not set
Content-Security-Policy Not Implemented
Server accepts unnecessarily large POST request body
Subresource Integrity (SRI) Not Implemented
Virtual Host Discovered
Scan Diagnostics
Issues
Connection Error Occurred During Web Application Scan
HTTP Response Indicates Scan May Be Blocked
Facets
DNS Host Name
Third-party Cookies Collected
Cookies Collected
AJAX Links Crawled
Host Scan Time
Links Crawled
Forms Crawled
External Links Discovered
Email Addresses Collected
Others
Protection against Clickjacking
Form Contains Email Address Field
Cookies Issued Without User Consent
Path Disclosure
Path-relative stylesheet import (PRSSI) vulnerability
Links With High Resource Consumption