securityheaders/securityheaders-bugs
Bug tracker for https://securityheaders.io
20 stars, 0 forks
issues
Are the IP addresses listed at .well-known/ipv4.txt correct?
#112
emilbjorklund
opened
6 months ago
0
API response is missing correct content
#111
sverrets
opened
1 year ago
1
New API Authorization requirement and options for Open Source projects
#110
calebcartwright
opened
1 year ago
5
API response property types are not consistent
#109
sverrets
closed
1 year ago
1
Rest API
#108
malupo
closed
1 year ago
1
CSP http-equiv meta tags not recognized
#107
mdekstrand
closed
1 year ago
2
Use of permissions-policy is recommended but not yet supported by browsers
#106
qberdugo
closed
1 year ago
0
[feature] Custom User-Agent String
#105
andrdrou
closed
1 year ago
1
Don't require redundant STS on preloaded TLDs
#104
Seirdy
closed
2 years ago
1
Don't require Permissions-Policy if it's redundant
#103
Seirdy
opened
3 years ago
0
CSP show missing even though it is configured.
#102
mmartire-prosper
opened
3 years ago
1
Security Headers not showing
#101
ghost
opened
3 years ago
1
'unsafe-inline' in style-src directive capping score to A when it should probably not
#100
joelbourbon
opened
3 years ago
2
Expect-CT is obsolete
#99
hannob
opened
3 years ago
2
Permissions-Policy check wrongly accepts single quote as origin enclosing character
#98
Peneheals
opened
3 years ago
1
Permissions-Policy check wrongly accepts ";" character as a good separator
#97
Peneheals
opened
3 years ago
0
Reports a grade C when sister site is A and identical settings
#96
johndball
closed
2 years ago
2
How bad is it to not include security headers when redirecting from Http to Https?
#95
nulltoken
opened
3 years ago
1
securityheaders follows redirect that doesn't exist
#94
weinzierl
opened
3 years ago
0
Does not read Content Security Policy from html meta tag
#93
Zaita
closed
3 years ago
2
Trusted-Types
#92
craigfrancis
opened
3 years ago
0
Security headers not detected, "F" score
#91
mrmatteastwood
opened
3 years ago
2
different results in scan vs headers when inspected in dev tools
#90
churchthecat
opened
3 years ago
0
why raw headers differ from chrome dev tools?
#89
churchthecat
closed
4 years ago
1
Sorry about that... Something went wrong there! Maybe check the URL and try again?
#88
pinkfloydFR
opened
4 years ago
0
Permissions-Policy invalid directive warning for screen-wake-lock and web-share
#87
braedon
closed
4 years ago
1
content-security-policy header is not detected
#86
jesvinjames
closed
4 years ago
1
Redirected root domain not being scanned properly
#85
dreckner
opened
4 years ago
1
SecureHeader site shows header missing if I add the header through code instead of web.config file
#84
shyambhiogade
opened
4 years ago
2
Highlight of feature policy incorrect for xr-spatial-tracking
#83
smarek
closed
3 years ago
3
passing JWT to validate using an authenticated call
#82
phuot
opened
4 years ago
0
Server tokens via http2
#81
mrjackwills
opened
4 years ago
0
Strange Behavior
#80
g-pearl
opened
4 years ago
0
Giving missing headers errors for non-html content types
#79
mattwowza
opened
4 years ago
1
Validating that __Host and __Secure prefixed cookies contain required attributes
#78
smarek
opened
4 years ago
0
Maybe disable Feature-Policy check for now, or make it optional
#77
dimaqq
opened
4 years ago
4
HSTS max-age not recognised
#76
dimaqq
closed
4 years ago
2
Feature request: Cross-Origin-Embedder-Policy/Cross-Origin-Opener-Policy
#75
hannob
opened
4 years ago
1
Minor spelling error in X-XSS-Protection
#74
DanAtkinson
opened
4 years ago
0
Without fetch directives completed, A+ seems still feasible
#73
BartVrancken
opened
4 years ago
1
Referrer-Policy gives red if not set, but green with default value
#72
hannob
opened
4 years ago
4
CSP: object-src value
#71
cgzones
opened
5 years ago
0
Did the required headers for an "A" score change?
#70
jessuppi
opened
5 years ago
2
display-capture is detected as an invalid feature-policy directive
#69
evilaliv3
opened
5 years ago
1
Content Security Policy: getting an A+ grade without XSS protection
#68
sebkln
opened
5 years ago
0
False results from cloudflare sites.
#67
no-replies
closed
5 years ago
2
Server Header should be flagged for AmazonS3 server headers
#66
IAmATeaPot418
closed
5 years ago
1
Multiple Referrer-Policy values not parsed correctly
#65
bitnesswise
closed
5 years ago
1
Dubious Referrer-Policy warning
#64
jribbens
closed
5 years ago
3
Improvement > Jira Integration
#63
Alon87
closed
5 years ago
1