The Web Application Headers risk vector contains information about the messages, determines how to receive messages, and determines how recipients should respond to a message.
Finding Details
The details include the data in Findings, Diligence details, and also the following information:
❖ This field can be included in the table from the Customize Columns option.
† Including this field contains the following details: Cache-Control, Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options.
Field | Sub-field | Description
---|---|---
Assets | | Asset details.
Assets | Asset | The asset name.
Assets | Calculated Importance | The Bitsight-calculated asset importance.
Assets | View findings | Filter findings by the asset.
Cache-Control❖† | | Indicates if the Cache-Control header is missing.
Comments | | Finding comments for describing the status of resolution or validity of findings to external stakeholders and other interested parties.
Content-Security-Policy❖† | | Indicates if the Content-Security-Policy header is missing.
Dates | | Observation dates.
Dates | First Seen | The date when the finding was first observed.
Dates | Last Seen | The date when the finding was last observed.
Destination Port❖ | | The destination port number identified in the finding.
Final Location❖ | | URL where headers were observed.
Finding Identifier | | The asset (e.g., IP, domain, host, application, port) and its status (e.g., online/offline, version, support status) that identifies the finding.
Finding Grade | | The finding grade.
HTTP Headers | | HTTP header details.
Last Seen IP:Port | | The most recently observed IP:Port pair.
Observed IPs❖ | | The IP address where the certificate was seen, on the most recent day.
Optional HTTP Header Fields | | Optional HTTP header records and issues.
Refresh | | Refresh details.
Refresh | Refresh Status | The status of a user-requested refresh of a finding.
Refresh | Refresh Details | Clarification on remaining issues, such as if the issue is still present or further developments.
Refresh | Refresh Requested | The date when a refresh was requested.
Remediations❖ | | How to resolve a negative finding. See how to verify that a Web Application Header finding has been remediated.
Remediations❖ | Issue | The finding name.
Remediations❖ | Details | A description of the finding.
Remediations❖ | Remediation Tip | Tips for remediating the finding.
Required HTTP Header Fields | | Required HTTP header records and issues.
Strict-Transport-Security❖† | | Indicates whether the Strict-Transport-Security header is missing.
URL | | The URL of the web page.
X-Content-Type-Options❖† | | Indicates if the X-Content-Type-Options header is missing.
- October 29, 2024: Findings Table navigation instructions moved from Risks to a new Findings section in the menu.
- January 19, 2024: Findings Table navigation by application.
- September 22, 2022: Added Assets (Asset, Calculated Importance, & View findings), Comments, Dates (First Seen & Last Seen), Finding Identifier, Finding Grade, Refresh (Refresh Status, Refresh Details, & Refresh Requested), In Remediations (Issue, Details, & Remediation Tip) fields; “Remediation Instructions” renamed to “Remediations.”