ZAP API Scan Report

[github-actions]

• Site: https://petstore3.swagger.io
  New Alerts
  • CSP: Wildcard Directive [10055] total: 1:
    • https://petstore3.swagger.io/
  • CSP: script-src unsafe-inline [10055] total: 1:
    • https://petstore3.swagger.io/
  • CSP: style-src unsafe-inline [10055] total: 1:
    • https://petstore3.swagger.io/
  • Cross-Domain Misconfiguration [10098] total: 1:
    • https://petstore3.swagger.io/
  • Insufficient Site Isolation Against Spectre Vulnerability [90004] total: 2:
    • https://petstore3.swagger.io/
    • https://petstore3.swagger.io/
  • Permissions Policy Header Not Set [10063] total: 1:
    • https://petstore3.swagger.io/
  • Strict-Transport-Security Header Not Set [10035] total: 1:
    • https://petstore3.swagger.io/
  • Unexpected Content-Type was returned [100001] total: 4:
    • https://petstore3.swagger.io
    • https://petstore3.swagger.io/
    • https://petstore3.swagger.io/1228839487643536219
    • https://petstore3.swagger.io/actuator/health
  • X-Content-Type-Options Header Missing [10021] total: 1:
    • https://petstore3.swagger.io/
  • Modern Web Application [10109] total: 1:
    • https://petstore3.swagger.io/
  • Re-examine Cache-control Directives [10015] total: 1:
    • https://petstore3.swagger.io/
  • Sec-Fetch-Dest Header is Missing [90005] total: 1:
    • https://petstore3.swagger.io/
  • Sec-Fetch-Mode Header is Missing [90005] total: 1:
    • https://petstore3.swagger.io/
  • Sec-Fetch-Site Header is Missing [90005] total: 1:
    • https://petstore3.swagger.io/
  • Sec-Fetch-User Header is Missing [90005] total: 1:
    • https://petstore3.swagger.io/
  • Storable and Cacheable Content [10049] total: 1:
    • https://petstore3.swagger.io/

View the following link to download the report.
RunnerID:13467794103

---

ZAP by Checkmarx