-
- Site: [https://laughing-train-4p474qj7p94hgjx-3000.app.github.dev](https://laughing-train-4p474qj7p94hgjx-3000.app.github.dev)
**New Alerts**
- **Content Security Policy (CSP) Header Not Set**…
-
- Site: [https://test.educationdataexchange.gov.bc.ca](https://test.educationdataexchange.gov.bc.ca)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 4:
- [https://test.educationd…
-
**Is your feature request related to a problem? Please describe.**
Some organizations have both a policy on what to do when they receive a report (bug bounty policy) and a separate policy on what the…
-
Please create a security policy detailing contact information, as this helps security researchers privately report issues.
> The most important step in the process is providing a way for security r…
-
I'm noticing that none of the policies currently listed have `disclosure_timeline_days` set. However, it's a requirement if `co-ordinated` is set. This seems overly restrictive for an org declarin…
-
- Site: [http://localhost:3000](http://localhost:3000)
**New Alerts**
- **CSP: style-src unsafe-inline** [10055] total: 4:
- [http://localhost:3000](http://localhost:3000)
- [http://local…
-
- Site: [https://www.test-hisschweiz.ch](https://www.test-hisschweiz.ch)
**New Alerts**
- **Absence of Anti-CSRF Tokens** [10202] total: 3:
- [https://www.test-hisschweiz.ch](https://www.tes…
-
- Site: [https://test.educationdataexchange.gov.bc.ca](https://test.educationdataexchange.gov.bc.ca)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 4:
- [https://test.educationd…
-
This ticket was initially opened by @mars-lan, which was accidentally deleted. Here is the image for reference
![image](https://github.com/user-attachments/assets/cca31c22-21c2-42d3-a1a4-178448bedcd4)…
-
- Site: [https://www.zaproxy.org](https://www.zaproxy.org)
**New Alerts**
- **PII Disclosure** [10062] total: 2:
- [https://www.zaproxy.org/docs/desktop/addons/websockets/pscanrules/](https:…