Dear Team,
As part of our internal scans, we have performed a scan on (RSA 8.6 SP3) app and got the following findings. Kindly recommend us the best practice for patching.
- Body Parameters Accepted in Query
- Cacheable SSL Page Found
- Cookie with Insecure or Improper or Missing SameSite attribute
- Missing "Content-Security-Policy" header
- Missing or Insecure "Frame-Ancestors" policy in "Content-Security-Policy" header
- Missing or Insecure "Object-Src" policy in "Content-Security-Policy" header
- Missing or Insecure "Script-Src" policy in "Content-Security-Policy" header
- Missing or Insecure "Style-Src" policy in "Content-Security-Policy"
- Missing or insecure "X-Content-Type-Options" header
- Missing or insecure HTTP Strict-Transport-Security Header
Regards
