Sec-Fetch-Mode Header is Missing

Home/Alerts/Alert detail/

Risk:
Informational

Type:
Passive

CWE:
CWE-352

Summary: Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.

Solution: Ensure that Sec-Fetch-Mode header is included in request headers.

References: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode

Latest Security News

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

CWE top 25 most dangerous software weaknesses

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Common Alerts

InformationalUsername Hash Found

InformationalSession Management Response Identified

HighServer Side Request Forgery

MediumRelative Path Confusion

InformationalContent-Type Header Missing

InformationalSplit Viewstate in Use

HighSQL Injection - Oracle

HighGeneric Padding Oracle

HighPath Traversal

LowInsufficient Site Isolation Against Spectre Vulnerability

Top CVE List

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

Top CWE List

CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic

HighCWE-805 Buffer Access with Incorrect Length Value

CWE-1072 Data Resource Access without Use of Connection Pooling

CWE-1091 Use of Object without Invoking Destructor Method

CWE-1174 ASP.NET Misconfiguration: Improper Model Validation

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1191 On-Chip Debug and Test Interface With Improper Access Control

MediumCWE-190 Integer Overflow or Wraparound

LowCWE-262 Not Using Password Aging

CWE-36 Absolute Path Traversal

Free security scan for your website

Don't show website scan report rating on the leaderboard