ZAP Full Scan Report

[github-actions]

• Site: https://app.niftybank.org
  New Alerts
  • Bypassing 403 [40038] total: 4:
    • https://app.niftybank.org/static%20/
    • https://app.niftybank.org/static/%20/
    • https://app.niftybank.org/static/css%20/
    • https://app.niftybank.org/static/js%20/
  • Content Security Policy (CSP) Header Not Set [10038] total: 3:
    • https://app.niftybank.org/
    • https://app.niftybank.org/sitemap.xml
    • https://app.niftybank.org/static/
  • Missing Anti-clickjacking Header [10020] total: 2:
    • https://app.niftybank.org/
    • https://app.niftybank.org/sitemap.xml
  • Relative Path Confusion [10051] total: 8:
    • https://app.niftybank.org/favicon.ico
    • https://app.niftybank.org/logo192.png
    • https://app.niftybank.org/manifest.json
    • https://app.niftybank.org/robots.txt
    • https://app.niftybank.org/sitemap.xml
    • ..
  • Permissions Policy Header Not Set [10063] total: 5:
    • https://app.niftybank.org/
    • https://app.niftybank.org/sitemap.xml
    • https://app.niftybank.org/static/
    • https://app.niftybank.org/static/js/2.65f7485d.chunk.js
    • https://app.niftybank.org/static/js/main.9da48410.chunk.js
  • Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) [10037] total: 5:
    • https://app.niftybank.org/
    • https://app.niftybank.org/favicon.ico
    • https://app.niftybank.org/manifest.json
    • https://app.niftybank.org/robots.txt
    • https://app.niftybank.org/sitemap.xml
  • Strict-Transport-Security Header Not Set [10035] total: 4:
    • https://app.niftybank.org/logo192.png
    • https://app.niftybank.org/static/css/main.3c4755b3.chunk.css
    • https://app.niftybank.org/static/js/2.65f7485d.chunk.js
    • https://app.niftybank.org/static/js/main.9da48410.chunk.js
  • Timestamp Disclosure - Unix [10096] total: 1:
    • https://app.niftybank.org/static/js/2.65f7485d.chunk.js
  • X-Content-Type-Options Header Missing [10021] total: 9:
    • https://app.niftybank.org/
    • https://app.niftybank.org/favicon.ico
    • https://app.niftybank.org/logo192.png
    • https://app.niftybank.org/manifest.json
    • https://app.niftybank.org/robots.txt
    • ..
  • Information Disclosure - Suspicious Comments [10027] total: 1:
    • https://app.niftybank.org/static/js/2.65f7485d.chunk.js
  • Modern Web Application [10109] total: 2:
    • https://app.niftybank.org/
    • https://app.niftybank.org/sitemap.xml
  • Non-Storable Content [10049] total: 1:
    • https://app.niftybank.org/static/
  • Re-examine Cache-control Directives [10015] total: 4:
    • https://app.niftybank.org/
    • https://app.niftybank.org/manifest.json
    • https://app.niftybank.org/robots.txt
    • https://app.niftybank.org/sitemap.xml
  • Storable and Cacheable Content [10049] total: 9:
    • https://app.niftybank.org/
    • https://app.niftybank.org/favicon.ico
    • https://app.niftybank.org/logo192.png
    • https://app.niftybank.org/manifest.json
    • https://app.niftybank.org/robots.txt
    • ..
  • User Agent Fuzzer [10104] total: 53:
    • https://app.niftybank.org
    • https://app.niftybank.org/
    • https://app.niftybank.org/favicon.ico
    • https://app.niftybank.org/logo192.png
    • https://app.niftybank.org/manifest.json
    • ..

View the following link to download the report.
RunnerID:5702574857