ZAP Full Scan Report

[github-actions]

• Site: http://finiam-phoenix-starter.herokuapp.com
  New Alerts

  • HTTPS Content Available via HTTP [10047] total: 6:
    • https://finiam-phoenix-starter.herokuapp.com/js/index.1d4c7599c80b994c3074.js
    • https://finiam-phoenix-starter.herokuapp.com/favicon.ico
    • https://finiam-phoenix-starter.herokuapp.com/css/index.72ca8bef76d7e31f6e61.css
    • https://finiam-phoenix-starter.herokuapp.com/js/webpack-runtime.7ba35273b74d667afcbf.js
    • https://finiam-phoenix-starter.herokuapp.com/robots.txt
    • ..

• Site: https://finiam-phoenix-starter.herokuapp.com
  New Alerts

  • .env Information Leak [40034] total: 3:
    • https://finiam-phoenix-starter.herokuapp.com/css/.env
    • https://finiam-phoenix-starter.herokuapp.com/.env
    • https://finiam-phoenix-starter.herokuapp.com/js/.env
  • X-Content-Type-Options Header Missing [10021] total: 6:
    • https://finiam-phoenix-starter.herokuapp.com/favicon.ico
    • https://finiam-phoenix-starter.herokuapp.com/js/webpack-runtime.7ba35273b74d667afcbf.js
    • https://finiam-phoenix-starter.herokuapp.com/js/vendors~index.076829233ab681b789c3.js
    • https://finiam-phoenix-starter.herokuapp.com/js/index.1d4c7599c80b994c3074.js
    • https://finiam-phoenix-starter.herokuapp.com/robots.txt
    • ..
  • Timestamp Disclosure - Unix [10096] total: 12:
    • https://finiam-phoenix-starter.herokuapp.com/js/index.1d4c7599c80b994c3074.js
    • https://finiam-phoenix-starter.herokuapp.com/js/index.1d4c7599c80b994c3074.js
    • https://finiam-phoenix-starter.herokuapp.com/js/index.1d4c7599c80b994c3074.js
    • https://finiam-phoenix-starter.herokuapp.com/js/index.1d4c7599c80b994c3074.js
    • https://finiam-phoenix-starter.herokuapp.com/js/index.1d4c7599c80b994c3074.js
    • ..
  • Strict-Transport-Security Header Not Set [10035] total: 9:
    • https://finiam-phoenix-starter.herokuapp.com/js/index.1d4c7599c80b994c3074.js
    • https://finiam-phoenix-starter.herokuapp.com
    • https://finiam-phoenix-starter.herokuapp.com/sitemap.xml
    • https://finiam-phoenix-starter.herokuapp.com/
    • https://finiam-phoenix-starter.herokuapp.com/js/vendors~index.076829233ab681b789c3.js
    • ..
  • Content Security Policy (CSP) Header Not Set [10038] total: 3:
    • https://finiam-phoenix-starter.herokuapp.com/
    • https://finiam-phoenix-starter.herokuapp.com
    • https://finiam-phoenix-starter.herokuapp.com/sitemap.xml
  • Modern Web Application [10109] total: 5:
    • https://finiam-phoenix-starter.herokuapp.com/js/index.1d4c7599c80b994c3074.js
    • https://finiam-phoenix-starter.herokuapp.com/
    • https://finiam-phoenix-starter.herokuapp.com/sitemap.xml
    • https://finiam-phoenix-starter.herokuapp.com/js/vendors~index.076829233ab681b789c3.js
    • https://finiam-phoenix-starter.herokuapp.com
  • Trace.axd Information Leak [40029] total: 3:
    • https://finiam-phoenix-starter.herokuapp.com/js/trace.axd
    • https://finiam-phoenix-starter.herokuapp.com/css/trace.axd
    • https://finiam-phoenix-starter.herokuapp.com/trace.axd
  • Incomplete or No Cache-control and Pragma HTTP Header Set [10015] total: 5:
    • https://finiam-phoenix-starter.herokuapp.com/
    • https://finiam-phoenix-starter.herokuapp.com/sitemap.xml
    • https://finiam-phoenix-starter.herokuapp.com
    • https://finiam-phoenix-starter.herokuapp.com/robots.txt
    • https://finiam-phoenix-starter.herokuapp.com/css/index.72ca8bef76d7e31f6e61.css
  • Information Disclosure - Suspicious Comments [10027] total: 2:
    • https://finiam-phoenix-starter.herokuapp.com/js/index.1d4c7599c80b994c3074.js
    • https://finiam-phoenix-starter.herokuapp.com/js/vendors~index.076829233ab681b789c3.js

View the following link to download the report.
RunnerID:864167503