ASRG / asrg.io

asrg.io - website and docs
MIT License
7 stars 4 forks

CSP MISSING #374

Closed heldyboy closed 2 years ago

heldyboy commented 3 years ago

Pankaj here. I found a vulnerability on your domain https://asrg.io/
Vulnerability name: CSP: Wildcard Directive

Description: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.

The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, script-src-elem, script-src-attr, style-src, style-src-elem, style-src-attr, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, prefetch-src, form-action

The directive(s) form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything.

Steps to reproduce:

1) Go to: https://securityheaders.com/
2) Enter host name https://asrg.io/
3) You will see CSP MISSING

Solution: Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header
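The checks the report describes (directives that are absent, that resolve to a wildcard, and the ones such as form-action that never fall back to default-src) can be reproduced offline against a header value instead of through securityheaders.com. The script below is an added example written for this page; it is not code from the asrg.io repository. The fallback chains follow CSP Level 3 semantics; the BROAD_SOURCES set is the editor's approximation of "wildcard or overly broad", and the three sample header values are constructed, not captured from asrg.io.

```python
"""Check a Content-Security-Policy header for the weaknesses the report lists:
directives that are absent, that resolve to a wildcard, or that do not fall back
to default-src. Added example; not code from the asrg.io repository."""
from __future__ import annotations

# Fetch directives named in the report. When one is absent, the browser walks
# this fallback chain; the last stop is always default-src (CSP Level 3).
FALLBACK_CHAIN: dict[str, list[str]] = {
    "script-src": ["default-src"],
    "script-src-elem": ["script-src", "default-src"],
    "script-src-attr": ["script-src", "default-src"],
    "style-src": ["default-src"],
    "style-src-elem": ["style-src", "default-src"],
    "style-src-attr": ["style-src", "default-src"],
    "img-src": ["default-src"],
    "connect-src": ["default-src"],
    "frame-src": ["child-src", "default-src"],
    "font-src": ["default-src"],
    "media-src": ["default-src"],
    "object-src": ["default-src"],
    "manifest-src": ["default-src"],
    "worker-src": ["child-src", "script-src", "default-src"],
    "prefetch-src": ["default-src"],
}

# Directives that never fall back to default-src: leaving them out allows anything.
# form-action is the one the report names; frame-ancestors and base-uri behave the same.
NO_FALLBACK: list[str] = ["form-action", "frame-ancestors", "base-uri"]

# Source expressions treated as "wildcard or overly broad" here. This set is the
# editor's assumption, roughly what header scanners flag; tune it to your policy.
BROAD_SOURCES = {"*", "http:", "https:", "'unsafe-inline'", "'unsafe-eval'"}


def parse_csp(header: str | None) -> dict[str, list[str]]:
    """Split a CSP header value into {directive: [source expressions]}.
    Directive names are case-insensitive; a missing header yields an empty policy."""
    policy: dict[str, list[str]] = {}
    if not header:
        return policy
    for chunk in header.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:  # browsers ignore a repeated directive
            policy[name] = tokens[1:]
    return policy


def effective_sources(policy: dict[str, list[str]], directive: str) -> list[str] | None:
    """Return the source list the browser would actually apply to `directive`,
    or None when nothing in its fallback chain is present (i.e. unrestricted)."""
    for name in [directive] + FALLBACK_CHAIN.get(directive, []):
        if name in policy:
            return policy[name]
    return None


def check_csp(header: str | None) -> dict[str, str]:
    """Classify each directive the report cares about as 'missing', 'wildcard' or 'ok'."""
    policy = parse_csp(header)
    findings: dict[str, str] = {}
    for directive in list(FALLBACK_CHAIN) + NO_FALLBACK:
        sources = effective_sources(policy, directive)
        if sources is None:
            findings[directive] = "missing"
        elif any(s.lower() in BROAD_SOURCES for s in sources):
            findings[directive] = "wildcard"
        else:
            findings[directive] = "ok"  # includes 'none' and an empty source list
    return findings


def is_weak(header: str | None) -> bool:
    """True if any checked directive is missing or wildcarded."""
    return any(v != "ok" for v in check_csp(header).values())


# Constructed sample headers, not captured from asrg.io.
NO_HEADER = None  # what "CSP MISSING" means: no header at all
WEAK_POLICY = "default-src *; script-src 'self' 'unsafe-inline'; form-action *"
HARDENED_POLICY = (
    "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; "
    "object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'"
)

if __name__ == "__main__":
    for label, hdr in (("no header", NO_HEADER), ("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        bad = {k: v for k, v in check_csp(hdr).items() if v != "ok"}
        print(f"{label}: {'WEAK' if bad else 'ok'} {bad}")
```

With no header every directive reports missing, which is the finding in the report. The weak policy shows the fallback behaviour: script-src-elem and worker-src inherit 'unsafe-inline' from script-src, img-src inherits the * from default-src, and frame-ancestors and base-uri are still missing because they do not fall back at all. The hardened policy passes every check; it is only a starting point, since the right script-src and img-src allow-lists depend on what the site actually loads.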

KellyDSD commented 2 years ago

Hi, I need SFTP access to look at permissions.

heldyboy commented 2 years ago

@usman-asrg Please add the comments and picture here.

usman-asrg commented 2 years ago

@heldyboy By going on to the following link: https://securityheaders.com/

You can enter the website: https://asrg.io/

For the results you can check the attached image.