- September 22, 2022: Added Assets (Asset, Calculated Importance, & View findings), Comments, Dates (First Seen & Last Seen), Finding Identifier, Finding Grade, Refresh (Refresh Status, Refresh Details, & Refresh Requested), In Remediations (Issue, Details, & Remediation Tip) fields; “Remediation Instructions” renamed to “Remediations.”
- March 15, 2022: Listed data available in CSV download.
- April 7, 2021: Linked to Diligence findings.
The Web Application Headers risk vector contains information about the messages, determines how to receive messages, and determines how recipients should respond to a message.
View findings from the Findings page or use the Bitsight API.
This data is available for download (.csv) via the Download button. The download is supported for up to 9000 rows of findings. It includes columns that are currently configured in the table.
Finding Details
The details include the data in Findings, Diligence details, and also the following information:
❖ This field can be included in the table from the Customize Columns option.
† Including this field contains the following details: Cache-Control, Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options.
| Field | Description | |
|---|---|---|
| Assets | Asset details. | |
| Asset | The asset name. | |
| Calculated Importance | The Bitsight-calculated asset importance. | |
| View findings | Filter findings by the asset. | |
| Cache-Control❖† | Indicates if the Cache-Control header is missing. | |
| Comments | Finding comments for describing the status of resolution or validity of findings to external stakeholders and other interested parties. | |
| Content-Security-Policy❖† | Indicates if the Content-Security-Policy header is missing. | |
| Dates | Observation dates. | |
| First Seen | The date when the finding was first observed. | |
| Last Seen | The date when the finding was last observed. | |
| Destination Port❖ | The destination port number identified in the finding. | |
| Final Location❖ | URL where headers were observed. | |
| Finding Identifier | An ID for the finding. | |
| Finding Grade | The finding grade. | |
| HTTP Headers | HTTP header details. | |
| Last Seen IP:Port | The most recently observed IP:Port pair. | |
| Observed IPs❖ | The IP address where the certificate was seen, on the most recent day. | |
| Optional HTTP Header Fields | Optional HTTP header records and issues. | |
| Refresh | Refresh details. | |
| Refresh Status | The status of a user-requested refresh of a finding. | |
| Refresh Details | Clarification on remaining issues, such as if the issue is still present or further developments. | |
| Refresh Requested | The date when a refresh was requested. | |
| Remediations❖ | How to resolve a negative finding. See how to verify that a Web Application Header finding has been remediated. | |
| Issue | The finding name. | |
| Details | A description of the finding. | |
| Remediation Tip | Tips for remediating the finding. | |
| Required HTTP Header Fields | Required HTTP header records and issues. | |
| Strict-Transport-Security❖† | Indicates whether the Strict-Transport-Security header is missing. | |
| URL | The URL of the web page. | |
| X-Content-Type-Options❖† | Indicates if the X-Content-Type-Options header is missing. | |