| Check | | CWE | Severity |
|---|---|---|---|
| Missing_X-Frame-Options | | CWE-1021 | MEDIUM |
| Missing "Strict-Transport-Security" Header | | CWE-319 | LOW |
| Missing "Content-Type" Header (Functional Testing) | | CWE-16 | LOW |
| Missing "Content-Security-Policy" Security Header (Functional Testing) | | CWE-16 | LOW |
| Null Origin Allowed In Cross-Origin Requests | | CWE-942 | MEDIUM |
| Missing "X-Content-Type-Options" Response Header | | CWE-79 | LOW |
| API Operation Publicly Accessible (Leaky APIs) | | CWE-284 | MEDIUM |
| API Operation Publicly Accessible (By Design) | | CWE-284 | LOW |
| Azure-hosted API Without Rate Limiting | | CWE-400 | MEDIUM |
| RESTful API Discloses "X-Asp-Net-Version" Fingerprinting Header | | CWE-200 | LOW |
| RESTful API Discloses - "X-Powered-By" Fingerprinting Header | | CWE-200 | LOW |
| Test HTTP Methods | | CWE-749 | INFO |
| JWT Authentication Bypass via Flawed Signature Verification | | CWE-347 | HIGH |
| Lack of Rate Limiting | | CWE-770 | MEDIUM |
| JWT Expiration Time | | CWE-613 | HIGH |
| JWT Sensitive Data Disclosure | | CWE-311 | LOW |
| Failing Response Time | | CWE-400 | MEDIUM |
| Sending JWT in URL Parameters | | CWE-384 | MEDIUM |
| Null Value Acceptance | | CWE-704 | MEDIUM |
| JWT Authentication Bypass via JWK Header Injection | | CWE-347 | HIGH |
| Massive Data on Response | | CWE-400 | MEDIUM |
| Sequential IDs Attack | | CWE-22 | HIGH |
| Server-Side Request Forgery (SSRF) | | CWE-918 | HIGH |
| URL Contains Sensitive Data - IP address | | CWE-200 | MEDIUM |
| Mass Assignment - Response Body | | CWE-915 | MEDIUM |
| Sensitive Information Disclosure - PII - TCKN | | CWE-200 | MEDIUM |
| URL Contains Sensitive Data - TCKN | | CWE-200 | MEDIUM |
| URL Contains Sensitive Data - SSN | | CWE-200 | MEDIUM |
| URL Contains Sensitive Data - Email | | CWE-200 | MEDIUM |
| URL Contains Sensitive Data - Google API Key | | CWE-200 | MEDIUM |
| URL Contains Sensitive Data - Credit Card Number | | CWE-200 | MEDIUM |
| Improper Input Validation | | CWE-20 | MEDIUM |
| Sensitive Information Disclosure - PII - SSN | | CWE-200 | MEDIUM |
| Sensitive Information Disclosure - PII - Credit Card Number | | CWE-200 | MEDIUM |
| Sensitive Information Disclosure - Google API Key | | CWE-200 | MEDIUM |
| Sensitive Information Disclosure - Email | | CWE-200 | MEDIUM |
| Sensitive Information Disclosure - Full Path Disclosure | | CWE-200 | MEDIUM |
| Improper Assets Management - Version in Endpoint | | CWE-937 | MEDIUM |
| Improper Assets Management - Version in Query String | | CWE-937 | MEDIUM |
| 401&403 Bypass With X-F-F Header | | CWE-290 | HIGH |
| Improper Assets Management - Version in HTTP Header | | CWE-937 | HIGH |
| CORS (Cross-Origin Resource Sharing) | | CWE-942 | MEDIUM |
| Graphql Introspection | | CWE-200 | LOW |
| Sensitive Information Disclosure - Internal IP Address | | CWE-200 | MEDIUM |
| Information Leakage - Swagger Documentation | | CWE-200 | LOW |
| Prototype Pollution via __proto__ | | CWE-1321 | HIGH |
| Sensitive Information Disclosure - Bitcoin Wallet Address | | CWE-200 | MEDIUM |
| Sensitive Information Disclosure - IPv6 Address | | CWE-200 | MEDIUM |
| Sensitive Information Disclosure - MAC Address | | CWE-200 | MEDIUM |
| Improper Error Handling | | CWE-703 | HIGH |
| NoSQL Injection - MongoDB | | CWE-943 | HIGH |
| Insecure Direct Object Reference (IDOR) | | CWE-639 | HIGH |
| Open Redirect | | CWE-601 | MEDIUM |
| HTTP Parameter Pollution | | CWE-20 | MEDIUM |
| Missing Referrer-Policy | | CWE-200 | MEDIUM |
| Missing Cache-Control | | CWE-525 | MEDIUM |
| Missing Clear-Site-Data | | CWE-359 | MEDIUM |
| Missing Cross-Origin-Embedder-Policy | | CWE-829 | HIGH |
| Missing Cross-Origin-Opener-Policy | | CWE-829 | HIGH |
| Missing Cross-Origin-Resource-Policy | | CWE-829 | HIGH |
| Missing Permissions-Policy | | CWE-284 | MEDIUM |
| Missing X-Permitted-Cross-Domain-Policies | | CWE-829 | HIGH |
| Missing X-XSS-Protection | | CWE-79 | MEDIUM |
| Information Disclosure via K-Proxy-Request Header | | CWE-200 | MEDIUM |
| Information Disclosure via Liferay-Portal Header | | CWE-200 | MEDIUM |
| Information Disclosure via OracleCommerceCloud-Version Header | | CWE-200 | MEDIUM |
| Information Disclosure via Pega-Host Header | | CWE-200 | MEDIUM |
| Information Disclosure via Powered-By Header | | CWE-200 | LOW |
| Information Disclosure via Product Header | | CWE-200 | MEDIUM |
| Information Disclosure via Server Header | | CWE-200 | MEDIUM |
| Information Disclosure via SourceMap Header | | CWE-200 | HIGH |
| Information Disclosure via X-AspNetMvc-Version Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Atmosphere-error Header | | CWE-209 | MEDIUM |
| Information Disclosure via X-Atmosphere-first-request Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Atmosphere-tracking-id Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-B3-ParentSpanId Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-B3-Sampled Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-B3-SpanId Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-B3-TraceId Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-BEServer Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Backside-Transport Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-CF-Powered-By Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-CMS Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-CalculatedBETarget Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Cocoon-Version Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Content-Encoded-By Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-DiagInfo Header | | CWE-209 | MEDIUM |
| Information Disclosure via X-Envoy-Attempt-Count Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Envoy-External-Address Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Envoy-Internal Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Envoy-Original-Dst-Host Header | | CWE-200 | MEDIUM |
| X-Envoy-Upstream-Service-Time | | CWE-200 | MEDIUM |
| Information Disclosure via X-FEServer Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Framework Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Generated-By Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Generator Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Jitsi-Release Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Joomla-Version Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Kubernetes-PF-FlowSchema-UI Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Kubernetes-PF-PriorityLevel-UID Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-LiteSpeed-Cache Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-LiteSpeed-Purge Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-LiteSpeed-Tag Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-LiteSpeed-Vary Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Litespeed-Cache-Control Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Mod-Pagespeed Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Nextjs-Cache Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Nextjs-Matched-Path Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Nextjs-Page Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Nextjs-Redirect Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-OWA-Version Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Old-Content-Length Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-OneAgent-JS-Injection Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Page-Speed Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Php-Version Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Powered-By-Plesk Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Powered-CMS Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Redirect-By Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Server-Powered-By Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-SourceFiles Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-SourceMap Header | | CWE-200 | HIGH |
| Information Disclosure via X-Turbo-Charged-By Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Umbraco-Version Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Varnish-Backend Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Varnish-Server Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-dtAgentId Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-dtHealthCheck Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-dtInjectedServlet Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-ruxit-JS-Agent Header | | CWE-200 | MEDIUM |