Search Results
395 total results found
Unencrypted Telnet Server
XSLT Injection
Apache webserver
Plesk
Microsoft IIS webserver
Nginx webserver
Apache webserver
Plesk
WordPress
Joomla
Drupal
Microsoft IIS webserver
Nginx webserver
Apache webserver
Plesk
WordPress
Joomla
Drupal
Generic / Developer guidance
WordPress
Joomla
Drupal
Remediation Steps
Follow the steps below to remediate this finding on Apache webserver. Remove the Indexes option from the Directory directive in your Apache configuration:
    <Directory /var/www/html>
        Options -Indexes
    </Directory>
Alternatively, add the following to your .htaccess ...
Remediation Steps
Follow the steps below to remediate this finding on Plesk.
Log in to Plesk.
Go to Domains > your domain > Apache & nginx Settings.
Under "Additional Apache directives", add:
    Options -Indexes
Click Apply.
Remediation Steps
Follow the steps below to remediate this finding on Microsoft IIS webserver.
Open IIS Manager.
Select your website.
Double-click HTTP Response Headers.
Click Add in the Actions pane and enter:
    NAME: Content-Security-Policy
    VALUE: default-src 'self'; script-src 'sel...
Remediation Steps
Follow the steps below to remediate this finding on Nginx webserver. In your nginx.conf server block, add:
    add_header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none';" always;
Reload Nginx:
    sudo systemctl reload nginx
Note: Start ...
Remediation Steps
Follow the steps below to remediate this finding on Apache webserver. Ensure mod_headers is enabled:
    sudo a2enmod headers
Add to your apache2.conf or VirtualHost configuration:
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self'; obje...
Remediation Steps
Follow the steps below to remediate this finding on Plesk.
Log in to the Plesk control panel.
Navigate to Domains > your domain > Apache & nginx Settings.
Under "Additional nginx directives", add:
    add_header Content-Security-Policy "default-src 'self'; script-src...
Remediation Steps
Follow the steps below to remediate this finding on WordPress. Add the following to your theme's functions.php file:
    add_action('send_headers', function() {
        header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'none...
Remediation Steps
Follow the steps below to remediate this finding on Joomla. Edit the .htaccess file in the Joomla root directory and add:
    <IfModule mod_headers.c>
        Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'none...
Remediation Steps
Follow the steps below to remediate this finding on Drupal. Install and enable the Security Kit (SecKit) module:
    composer require drupal/seckit
    drush en seckit
Navigate to Admin > Configuration > System > Security Kit.
Under the "Content Security Policy" section,...
Remediation Steps
Follow the steps below to remediate this finding on Microsoft IIS webserver. In web.config, use URL Rewrite to append SameSite=Lax or SameSite=Strict to Set-Cookie headers:
    <rewrite>
      <outboundRules>
        <rule name="Add SameSite" preCondition="No SameSite">
          <match s...
Remediation Steps
Follow the steps below to remediate this finding on Nginx webserver. Use the proxy_cookie_flags directive (nginx >= 1.19.3):
    proxy_cookie_flags ~ SameSite=Lax;
For older versions, use the lua-nginx-module or configure the application itself to set the correct Sa...
Remediation Steps
Follow the steps below to remediate this finding on Apache webserver. Ensure mod_headers is enabled:
    sudo a2enmod headers
Add to your VirtualHost or .htaccess:
    Header always edit Set-Cookie (.*) "$1; SameSite=Lax"
Reload Apache:
    sudo systemctl reload apache2
Remediation Steps
Follow the steps below to remediate this finding on Plesk.
Log in to the Plesk control panel.
Navigate to Domains > your domain > Apache & nginx Settings.
Under "Additional Apache directives", add:
    Header always edit Set-Cookie (.*) "$1; SameSite=Lax"
Click Apply.
Remediation Steps
Follow the steps below to remediate this finding on WordPress. Add the following to wp-config.php to set SameSite=Lax on the WordPress session cookie:
    @ini_set('session.cookie_samesite', 'Lax');
For the auth cookies, add to functions.php:
    add_filter('set_auth_coo...
Remediation Steps
Follow the steps below to remediate this finding on Joomla. In your Joomla configuration.php, set:
    public $cookie_domain = '';
For Joomla 4+, edit libraries/src/Application/WebApplication.php or use the session configuration in Global Configuration > System > Se...
Remediation Steps
Follow the steps below to remediate this finding on Drupal. In settings.php, configure the session cookie:
    ini_set('session.cookie_samesite', 'Lax');
For Drupal 9+, add to settings.php:
    $settings['session_handler_class'] = '\Drupal\Core\Session\SessionHandler';
Sa...
Remediation Steps
Follow the steps below to remediate this finding on Generic / Developer guidance.
Only load JavaScript from origins you control or that you explicitly trust.
Audit all <script src="..."> tags and JavaScript includes and replace any unnecessary third-party sourc...
Remediation Steps
Follow the steps below to remediate this finding on WordPress.
Audit scripts enqueued via wp_enqueue_script() and remove or replace third-party CDN sources with self-hosted copies where possible.
For remaining CDN scripts, add SRI hashes via the script_loader_t...
Remediation Steps
Follow the steps below to remediate this finding on Joomla.
Audit scripts loaded in your template's index.php and component views.
Replace remote CDN references with locally hosted copies where possible.
For third-party scripts, add integrity and crossorigin att...
Remediation Steps
Follow the steps below to remediate this finding on Drupal.
Audit libraries defined in *.libraries.yml files for external URLs.
Replace CDN sources with local files where possible:
    my_library:
      js:
        /libraries/mylib/lib.min.js: {}
For external sources that must remai...