ZAP Scan Baseline Report

[github-actions]

• Site: https://juice-shop.herokuapp.com
  New Alerts
  • Content Security Policy (CSP) Header Not Set [10038] total: 2:
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/sitemap.xml
  • Cross-Domain Misconfiguration [10098] total: 9:
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/assets/public/favicon_js.ico
    • https://juice-shop.herokuapp.com/main.js
    • https://juice-shop.herokuapp.com/polyfills.js
    • https://juice-shop.herokuapp.com/robots.txt
    • ..
  • Cross-Domain JavaScript Source File Inclusion [10017] total: 4:
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/sitemap.xml
    • https://juice-shop.herokuapp.com/sitemap.xml
  • Dangerous JS Functions [10110] total: 2:
    • https://juice-shop.herokuapp.com/main.js
    • https://juice-shop.herokuapp.com/vendor.js
  • Deprecated Feature Policy Header Set [10063] total: 6:
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/main.js
    • https://juice-shop.herokuapp.com/polyfills.js
    • https://juice-shop.herokuapp.com/runtime.js
    • https://juice-shop.herokuapp.com/sitemap.xml
    • ..
  • Strict-Transport-Security Header Not Set [10035] total: 9:
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/assets/public/favicon_js.ico
    • https://juice-shop.herokuapp.com/main.js
    • https://juice-shop.herokuapp.com/polyfills.js
    • https://juice-shop.herokuapp.com/robots.txt
    • ..
  • Timestamp Disclosure - Unix [10096] total: 9:
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/assets/public/favicon_js.ico
    • https://juice-shop.herokuapp.com/main.js
    • https://juice-shop.herokuapp.com/main.js
    • https://juice-shop.herokuapp.com/polyfills.js
    • ..
  • Base64 Disclosure [10094] total: 4:
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/assets/public/favicon_js.ico
    • https://juice-shop.herokuapp.com/main.js
    • https://juice-shop.herokuapp.com/vendor.js
  • Information Disclosure - Suspicious Comments [10027] total: 2:
    • https://juice-shop.herokuapp.com/main.js
    • https://juice-shop.herokuapp.com/vendor.js
  • Modern Web Application [10109] total: 2:
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/sitemap.xml
  • Re-examine Cache-control Directives [10015] total: 2:
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/sitemap.xml
  • Sec-Fetch-Dest Header is Missing [90005] total: 3:
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/assets/public/favicon_js.ico
    • https://juice-shop.herokuapp.com/robots.txt
  • Sec-Fetch-Mode Header is Missing [90005] total: 3:
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/assets/public/favicon_js.ico
    • https://juice-shop.herokuapp.com/robots.txt
  • Sec-Fetch-Site Header is Missing [90005] total: 3:
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/assets/public/favicon_js.ico
    • https://juice-shop.herokuapp.com/robots.txt
  • Sec-Fetch-User Header is Missing [90005] total: 3:
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/assets/public/favicon_js.ico
    • https://juice-shop.herokuapp.com/robots.txt
  • Storable and Cacheable Content [10049] total: 1:
    • https://juice-shop.herokuapp.com/robots.txt
  • Storable but Non-Cacheable Content [10049] total: 8:
    • https://juice-shop.herokuapp.com/
    • https://juice-shop.herokuapp.com/assets/public/favicon_js.ico
    • https://juice-shop.herokuapp.com/main.js
    • https://juice-shop.herokuapp.com/polyfills.js
    • https://juice-shop.herokuapp.com/runtime.js
    • ..

View the following link to download the report.
RunnerID:7483128441