securityheaders / securityheaders-bugs Public

Notifications You must be signed in to change notification settings
Fork 0
Star 21

Code
Issues 33
Pull requests
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

Issues: securityheaders/securityheaders-bugs

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

33 Open 79 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Milestones

Filter by milestone

Assignee

Filter by who’s assigned

Assigned to nobody

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Issues list

Are the IP adresses listed at .well-known/ipv4.txt correct?

#112 opened May 8, 2024 by emilbjorklund

API response is missing correct content

#111 opened Sep 13, 2023 by sverrets

New API Authorization requirement and options for Open Source projects

#110 opened May 8, 2023 by calebcartwright

Don't require Permissions-Policy if it's redundant

#103 opened Nov 5, 2021 by Seirdy

CSP show missing even though it is configured.

#102 opened Sep 17, 2021 by mmartire-prosper

Security Headers not showing

#101 opened Aug 25, 2021 by ghost

'unsafe-inline' in style-src directive capping score to A when it should probably not

#100 opened Aug 12, 2021 by joelbourbon

Expect-CT is obsolete

#99 opened Jun 1, 2021 by hannob

Permissions-Policy check wrongly accepts single quote as origin enclosing character

#98 opened May 6, 2021 by Peneheals

Permissions-Policy check wrongly accepts ";" character as a good separator

#97 opened May 6, 2021 by Peneheals

How bad is it to not include security headers when redirecting from Http to Https?

#95 opened May 3, 2021 by nulltoken

securityheaders follows redirect that doesn't exist

#94 opened Feb 27, 2021 by weinzierl

Trusted-Types

#92 opened Jan 26, 2021 by craigfrancis

Security headers not detected, "F" score

#91 opened Jan 25, 2021 by mrmatteastwood

different results in scan vs headers when inspected in dev tools

#90 opened Jan 8, 2021 by churchthecat

Sorry about that... Something went wrong there! Maybe check the URL and try again?

#88 opened Sep 18, 2020 by pinkfloydFR

Redirected root domain not being scanned properly

#85 opened Sep 1, 2020 by dreckner

SecureHeader site shows header missing if i add the header through code instead of web.config file

#84 opened Aug 15, 2020 by shyambhiogade

passing JWT to validate using an authenticated call

#82 opened Jul 29, 2020 by phuot

Server tokens via http2

#81 opened Jun 25, 2020 by mrjackwills

Strange Behavior

#80 opened Jun 1, 2020 by g-pearl

Giving missing headers errors for non-html content types

#79 opened May 29, 2020 by mattwowza

Validating that __Host and __Secure prefixed cookies contain required attributes

#78 opened May 17, 2020 by smarek

Maybe disable Feature-Policy check for now, or make it optional

#77 opened May 13, 2020 by dimaqq

Feature request: Cross-Origin-Embedder-Policy/Cross-Origin-Opener-Policy

#75 opened Apr 18, 2020 by hannob

Previous 1 2 Next

Previous Next

ProTip! Updated in the last three days: updated:>2025-01-08.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly