- September 22, 2022: Added Assets (Asset, Calculated Importance, & View findings), Comments, Dates (First Seen & Last Seen), Finding Identifier, Finding Grade, Refresh (Refresh Status, Refresh Details, & Refresh Requested), In Remediations (Issue, Details, & Remediation Tip) fields; “Remediation Instructions” renamed to “Remediations.”
- March 15, 2022: Listed data available in CSV download.
- April 7, 2021: Linked to Diligence findings.

The Web Application Headers risk vector covers HTTP headers, which contain information about messages and determine how messages are received and how recipients should respond to them.

† Including this field provides the following details: Cache-Control, Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options.

| Field | Description |
|---|---|
| Asset | The asset name. |
| Calculated Importance | The Bitsight-calculated asset importance. |
| View findings | Filter findings by the asset. |
| Cache-Control❖† | Indicates if the Cache-Control header is missing. |
| Comments | Finding comments for describing the status of resolution or validity of findings to external stakeholders and other interested parties. |
| Content-Security-Policy❖† | Indicates if the Content-Security-Policy header is missing. |
| First Seen | The date when the finding was first observed. |
| Last Seen | The date when the finding was last observed. |
| Destination Port❖ | The destination port number identified in the finding. |
| Final Location❖ | URL where headers were observed. |
| Finding Identifier | An ID for the finding. |
| Finding Grade | The finding grade. |
| HTTP Headers | HTTP header details. |
| Last Seen IP:Port | The most recently observed IP:Port pair. |
| Observed IPs❖ | The IP address where the certificate was seen, on the most recent day. |
| Optional HTTP Header Fields | Optional HTTP header records and issues. |
| Refresh Status | The status of a user-requested refresh of a finding. |
| Refresh Details | Clarification on remaining issues, such as if the issue is still present or further developments. |
| Refresh Requested | The date when a refresh was requested. |
| Remediations❖ | How to resolve a negative finding. See how to verify that a Web Application Header finding has been remediated. |
| Issue | The finding name. |
| Details | A description of the finding. |
| Remediation Tip | Tips for remediating the finding. |
| Required HTTP Header Fields | Required HTTP header records and issues. |
| Strict-Transport-Security❖† | Indicates whether the Strict-Transport-Security header is missing. |
| URL | The URL of the web page. |
| X-Content-Type-Options❖† | Indicates if the X-Content-Type-Options header is missing. |