Hello
We run Snipe-IT on our own Linux server (in Docker) and from an external scan it has been flagged to us that there are missing HTTP response headers, and an insecure cookie. It is a low risk finding, but nevertheless would be good to resolve if possible. Any ideas?
Strict-Transport-Security header not found
Content-Security-Policy header not found
Permissions-Policy header not found
"Cookie ID: ******************
Cookie Name: XSRF-TOKEN
Expires: 720000
HTTPOnly: False
Path: /
Secure: False"
We have verified this on securityheaders.com.
The server already includes X-Content-Type-Options, Referrer-Policy and X-Frame-Options headers. So a question of where to add the additional ones?
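A check for re-verifying the findings in the post above after any configuration change, as an added example that is not part of the original post or Snipe-IT's code: it parses a raw response header block and reports which of the three flagged headers are absent and which flags each cookie carries. Both sample responses, including their header values, are constructed for illustration.

```python
from http.cookies import SimpleCookie

# The three headers the external scan reported as missing.
REQUIRED = ("Strict-Transport-Security", "Content-Security-Policy", "Permissions-Policy")

def parse_headers(raw):
    """Split a raw response head into (name, value) pairs, keeping repeated headers."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                                  # blank line ends the header block
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return pairs

def audit(raw):
    """Return the missing required headers and the flags set on each cookie."""
    pairs = parse_headers(raw)
    present = {name.lower() for name, _ in pairs}  # header names are case-insensitive
    missing = [h for h in REQUIRED if h.lower() not in present]
    cookies = {}
    for name, value in pairs:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for key, morsel in jar.items():
            cookies[key] = {"secure": bool(morsel["secure"]),
                            "httponly": bool(morsel["httponly"]),
                            "samesite": morsel["samesite"] or None}
    return {"missing": missing, "cookies": cookies}

# Constructed sample: the state described in the scan report.
BEFORE = """HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
X-Frame-Options: DENY
Set-Cookie: XSRF-TOKEN=constructed-value; Max-Age=7200; Path=/; SameSite=Lax
"""

# Constructed sample: the same response once the headers and Secure flag are in place.
AFTER = BEFORE + """Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'
Permissions-Policy: geolocation=()
Set-Cookie: snipeit_session=constructed-value; Path=/; Secure; HttpOnly; SameSite=Lax
""".replace("snipeit_session", "XSRF-TOKEN")

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

Feed `audit()` the saved response headers from your own instance, fetched over HTTPS, since browsers ignore Strict-Transport-Security on plain HTTP. A cookie that client-side script is expected to read and copy into a request header, a common pattern for XSRF-TOKEN, is left without HttpOnly on purpose, so Secure is the flag to check there.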