Nikto Output
OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://<ipaddress>/images/".
Category Archives: nikto
ASP.NET DEBUG enabled
Nikto Output
DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
Excessive headers
You probably gonna find this issue in your manual browsing and spidering phase of your assessment and when performing the Fingerprint Web Server (Passive) and Fingerprint Web Server (Active) Tests.
The X-Content-Type-Options header is not set
Nikto Output
The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
The X-XSS-Protection header is not defined
Nikto Output
The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
The site uses SSL and the Strict-Transport-Security HTTP header is not defined
Nikto output
| The site uses SSL and the Strict-Transport-Security HTTP header is not defined |
Web Server Uses Basic Authentication without HTTPS
You probably gonna find this issue in your manual browsing and spidering phase of your assessment. But also Nikto and Nessus will report this issue during your scanning phase.
Cookie Set without secure flag
You probably gonna find this issue in your manual browsing and spidering phase of your assessment. But also Nikto and Nessus will report this issue during your scanning phase.
Cookie No HttpOnly Flag
You probably gonna find this issue in your manual browsing and spidering phase of your assessment. But also Nikto and Nessus will report this issue during your scanning phase.