ZAP Scanning Report

Generated with ZAP on Tue 30 Jan 2024, at 09:07:27

ZAP Version: 2.14.0

About this report

Report parameters

Contexts

No contexts were selected, so all contexts were included by default.

Sites

The following sites were included:

  • https://umbrella.unlockeddata.com

(If no sites were selected, all sites were included by default.)

An included site must also be within one of the included contexts for its data to be included in the report.

Risk levels

Included: High, Medium, Low, Informational

Excluded: None

Confidence levels

Included: User Confirmed, High, Medium, Low

Excluded: User Confirmed, High, Medium, Low, False Positive

Summaries

Alert counts by risk and confidence

This table shows the number of alerts for each level of risk and confidence included in the report.

(The percentages in brackets represent the count as a percentage of the total number of alerts included in the report, rounded to one decimal place.)

Risk \ Confidence   User Confirmed   High        Medium      Low         Total
High                0 (0.0%)         0 (0.0%)    0 (0.0%)    0 (0.0%)    0 (0.0%)
Medium              0 (0.0%)         1 (14.3%)   0 (0.0%)    1 (14.3%)   2 (28.6%)
Low                 0 (0.0%)         0 (0.0%)    1 (14.3%)   0 (0.0%)    1 (14.3%)
Informational       0 (0.0%)         0 (0.0%)    3 (42.9%)   1 (14.3%)   4 (57.1%)
Total               0 (0.0%)         1 (14.3%)   4 (57.1%)   2 (28.6%)   7 (100%)

Alert counts by site and risk

This table shows, for each site for which one or more alerts were raised, the number of alerts raised at each risk level.

Alerts with a confidence level of "False Positive" have been excluded from these counts.

(The numbers in brackets are the number of alerts raised for the site at or above that risk level.)

Site                                High (= High)   Medium (>= Medium)   Low (>= Low)   Informational (>= Informational)
https://umbrella.unlockeddata.com   0 (0)           2 (2)                1 (3)          4 (7)

Alert counts by alert type

This table shows the number of alerts of each alert type, together with the alert type's risk level.

(The percentages in brackets represent each count as a percentage, rounded to one decimal place, of the total number of alerts included in this report.)

Alert type                               Risk            Count
CSP: style-src unsafe-inline             Medium          3 (42.9%)
Hidden File Found                        Medium          4 (57.1%)
Cookie Without Secure Flag               Low             2 (28.6%)
Modern Web Application                   Informational   2 (28.6%)
Re-examine Cache-control Directives      Informational   2 (28.6%)
Session Management Response Identified   Informational   3 (42.9%)
User Agent Fuzzer                        Informational   60 (857.1%)
Total                                                    7

Alerts

  1. Risk=Medium, Confidence=High (1)

    1. https://umbrella.unlockeddata.com (1)

      1. CSP: style-src unsafe-inline (1)
        1. GET https://umbrella.unlockeddata.com
          Alert description

          Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including (but not limited to) Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page. Covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.

          Other info

          style-src includes unsafe-inline.

          Request
          Request line and header section (251 bytes)
          GET https://umbrella.unlockeddata.com HTTP/1.1
          host: umbrella.unlockeddata.com
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
          pragma: no-cache
          cache-control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (962 bytes)
          HTTP/1.1 200 OK
          Date: Tue, 30 Jan 2024 08:54:05 GMT
          Content-Type: text/html; charset=utf-8
          Connection: keep-alive
          Cache-Control: no-cache, no-store, max-age=0
          Pragma: no-cache
          Set-Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8EWFfaRpmtJKgYPmgI9VVQw15ZG5P_bAnXqA6RA-46WCOM_qAA8-mZeOd2WrCA118skRRmVtBo_A8BbjBGkcGE5hUga3E1UF2kX6sPa8kCDgkQxLwJJbu3gBiMo2Q3TQ2WIM3bU1Wanpx7LwJrX5klc; path=/; samesite=strict; httponly
          Content-Security-Policy: default-src 'self';script-src 'self' use.typekit.net 'nonce-GBoHX5kMf7f/aissGKlTCdJFrxJo5yEIcQqDhVpnVLo=' 'unsafe-inline';style-src 'self' use.typekit.net 'unsafe-inline';connect-src 'self';font-src 'self' data://* use.typekit.net;form-action 'self';img-src 'self' p.typekit.net;object-src 'none';frame-ancestors 'none';base-uri 'self'
          X-Frame-Options: SAMEORIGIN
          X-Content-Type-Options: nosniff
          blazor-enhanced-nav: allow
          Strict-Transport-Security: max-age=15724800; includeSubDomains
          content-length: 6879
          
          
          Response body (6879 bytes)
          <!DOCTYPE html>
          <html lang="en"><head><meta charset="utf-8">
              <meta name="viewport" content="width=device-width">
              <title>Unlocked Data</title>
              <base href="//" />
          
              
              <link href="_content/UnlockedData.Unlock8s.StaticContent/lib/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
          
              
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/font-awesome/v4/font-awesome.min.css" rel="stylesheet">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/font-awesome/css/all.css" rel="stylesheet">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/themify/themify-icons.css" rel="stylesheet">
          
              <link href="_content/UnlockedData.Mapael/mapael.css" rel="stylesheet">
          
             
          
              
              <link href="_content/Blazored.Typeahead/blazored-typeahead.css" rel="stylesheet">
          
          
              
              <link href="_content/UnlockedData.JVectorMap/jvectormap.css" rel="stylesheet">
              <link href="_content/UnlockedData.Chartist.Blazor/chartist.css" rel="stylesheet">
              <link href="_content/UnlockedData.EasyPieChart/easyPieChart.css" rel="stylesheet">
              <link href="_content/UnlockedData.Mapael/mapael.css" rel="stylesheet">
              <link href="_content/UnlockedData.BlazorTour/blazorTour.css" rel="stylesheet">
              
          
              
          
              <link href="_content/UnlockedData.Unlock8s.StaticContent/favicon.ico" rel="shortcut icon">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/unlocked.min.css" rel="stylesheet">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/print.min.css" rel="stylesheet">
              <link href="Unlock8s.ClientServices.Backend.styles.css" rel="stylesheet">
              <link href="custom.css" rel="stylesheet">
              <!--Blazor:{"type":"server","key":{"locationHash":"77D12F14A8105320B1AAED6AE7E689DA0EC4483270A645E84079EAA0FFDF550D:9","formattedComponentKey":""},"sequence":0,"descriptor":"CfDJ8EWFfaRpmtJKgYPmgI9VVQzpEeZ4I\u002BTHhLKY/RfdZjGrZwRORfbX9H1EJwxaCnsQTjkeKHjfwmuAbN6qc7CsGfHRHI//VOPpLyLJy33fBSna7NDtrr4sviw8AK76Wd2Dee0rbQ8IqJ8yzvGqi8\u002Be6Ulc0sV9YSc/f1N6jNshDUIwLiCnBRRqp2qtd/ENcnSQS9Ml6SWqtjxDZYT3R3AJ7iPtcP2YQx2U93PES8xjsiMCabmq8JnYJphpBsxBCRr0cwSwV1Ty3Jn6DBbIdXGBU4vy5vkxsJkFs0UV5mUjdgVOzY7sypY5fe1FTzabIX3JI8h9pklOsd2M1NJLa0p8Wp/KCB5R5m3wQZku9tJZqGs0n0KLZo93Yd8ttVxCtymGfmW7moy7NSK7gW66gr5ikgzj9WTkhxNJy3hWhr\u002BSN8zi7mtWthVANObdo4MRPyJA9Yhte4oZQs7TdtXE1HODq0rD82sSJuna0sDaVDKvTSEbzdEa9xeTHFO8C1RMh5ka9mPlksMsLPp1MvwKWlO/hXyWsndzkTfR9GcSMENpYmCzNYTpkyEJZYzZchrATlbnBvj7zrCX6Aha5dZjGZ6BM04="}--></head>
          <body class="sidebar-mini" id="page"><!--Blazor:{"type":"server","key":{"locationHash":"60742154495B8270400EF25C2EE160147BAE6475C664F3BE9AC29F0822010998:14","formattedComponentKey":""},"sequence":1,"descriptor":"CfDJ8EWFfaRpmtJKgYPmgI9VVQzPdYzEEAZMgj\u002BlJ6LF9k6un\u002BELII08KjDz8DThLw8mAcB6nJaQ26RNvT\u002BuQ5E4aQIC4KUUXEiY8NE55tNr/m9PN023kv0CVS0qV70mmP9lG6PI59C2D10bi/zm9c1OqqI8MO/4PiH0eGz/69qlV2HXkctPQg1cfHxSexl4uIIWwzjTN\u002BZ9pG6JyAvh8JwcyIiTx5KVvvL94xI8fZ/4nEwa8i4c90F64o7jimXhpXDF2urcaMZhS0ySeFG5ZWIvFIJnCIls2Zl3Cx4vfM9QaxulhsmY39dW2qJ5bL80wCRpK4/siz8T3bfutJ37WgVuxGMbAEMKeoBDPHM4gplvciuTsX3qREj7aEUNB2HpCU70qbbvhYKoumd86yyFomW0wP1toYbPeyApVEyM/fwsU3a1ba\u002BmncmTJCJcLMBugpX4/6GevaFi7zhkz7t7oJmLGqX8j/K0jS3ZSMCcuvZHPqVlcRfX4WTy8cUTtzjt7BomWlD2iPFM/3mkOxvuOVJga87ooPFSPqFoG1zlIRvWMQ7o5fYz\u002Bdl\u002BpLYnrDfmBofKElvXoLHQeq3gIUuZdxyD8e5hBMkP807qLGqMoP2N0J\u002BB"}-->
          
          <div id="blazor-error-ui">
                    An error has occurred. This app may no longer respond until reloaded.
                </div>
          
          
          <script src="_framework/blazor.web.js" asp-add-nonce="true"></script>
          
          
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/core/jquery.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/core/popper.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/bootstrap/dist/js/bootstrap.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/moment.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/bootstrap-switch.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/jquery.validate.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/bootstrap-tagsinput.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/paper-dashboard.js?v=2.1.1" type="text/javascript"></script>
          
          
          <script src="_content/UnlockedData.EasyPieChart/easyPieChartJquery.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.NoUiSlider/nouislider.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.NoUiSlider/blazorNoUISliderInterop.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/jquery-jvectormap-2.0.5.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/jVectorMapInterop.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/maps/world_mill.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/maps/Map_UK.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.Mapael/js/mapael.dependencies.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Mapael/js/mapael.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Mapael/js/unlockeddata.mapael.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Mapael/js/maps/world_countries_miller.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.Chartist.Blazor/chartist.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Chartist.Blazor/blazorChartistInterop.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.BlazorTour/bootstrap-tour.js" asp-add-nonce="true"></script>
          
          
          
          
          <script src="_content/Blazored.Typeahead/blazored-typeahead.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.Unlock8s.StaticContent/scripts/unlockedLibrary.js" asp-add-nonce="true"></script></body></html>
          Parameter
          Content-Security-Policy
          Evidence
          default-src 'self';script-src 'self' use.typekit.net 'nonce-GBoHX5kMf7f/aissGKlTCdJFrxJo5yEIcQqDhVpnVLo=' 'unsafe-inline';style-src 'self' use.typekit.net 'unsafe-inline';connect-src 'self';font-src 'self' data://* use.typekit.net;form-action 'self';img-src 'self' p.typekit.net;object-src 'none';frame-ancestors 'none';base-uri 'self'
          Solution

          Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.

  2. Risk=Medium, Confidence=Low (1)

    1. https://umbrella.unlockeddata.com (1)

      1. Hidden File Found (1)
        1. GET https://umbrella.unlockeddata.com/.hg
          Alert description

          A sensitive file was identified as accessible or available. This may leak administrative, configuration, or credential information which can be leveraged by a malicious individual to further attack the system or conduct social engineering efforts.

          Request
          Request line and header section (255 bytes)
          GET https://umbrella.unlockeddata.com/.hg HTTP/1.1
          host: umbrella.unlockeddata.com
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
          pragma: no-cache
          cache-control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (660 bytes)
          HTTP/1.1 302 Found
          Date: Tue, 30 Jan 2024 08:54:27 GMT
          Content-Length: 0
          Connection: keep-alive
          Cache-Control: no-cache
          Location: /StatusCode/404
          Pragma: no-cache
          Content-Security-Policy: default-src 'self';script-src 'self' use.typekit.net 'nonce-vLKhdKMCyfqe/huw0HeT/J48PzyrSd+Bsq2TtZaUmPc=' 'unsafe-inline';style-src 'self' use.typekit.net 'unsafe-inline';connect-src 'self';font-src 'self' data://* use.typekit.net;form-action 'self';img-src 'self' p.typekit.net;object-src 'none';frame-ancestors 'none';base-uri 'self'
          X-Frame-Options: SAMEORIGIN
          X-Content-Type-Options: nosniff
          Strict-Transport-Security: max-age=15724800; includeSubDomains
          
          
          Response body (0 bytes)
          Evidence
          HTTP/1.1 302 Found
          Solution

          Consider whether or not the component is actually required in production; if it isn't, disable it. If it is, ensure that access to it requires appropriate authentication and authorization, or limit exposure to internal systems or specific source IPs, etc.

  3. Risk=Low, Confidence=Medium (1)

    1. https://umbrella.unlockeddata.com (1)

      1. Cookie Without Secure Flag (1)
        1. GET https://umbrella.unlockeddata.com
          Alert description

          A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.

          Request
          Request line and header section (251 bytes)
          GET https://umbrella.unlockeddata.com HTTP/1.1
          host: umbrella.unlockeddata.com
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
          pragma: no-cache
          cache-control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (962 bytes)
          HTTP/1.1 200 OK
          Date: Tue, 30 Jan 2024 08:54:05 GMT
          Content-Type: text/html; charset=utf-8
          Connection: keep-alive
          Cache-Control: no-cache, no-store, max-age=0
          Pragma: no-cache
          Set-Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8EWFfaRpmtJKgYPmgI9VVQw15ZG5P_bAnXqA6RA-46WCOM_qAA8-mZeOd2WrCA118skRRmVtBo_A8BbjBGkcGE5hUga3E1UF2kX6sPa8kCDgkQxLwJJbu3gBiMo2Q3TQ2WIM3bU1Wanpx7LwJrX5klc; path=/; samesite=strict; httponly
          Content-Security-Policy: default-src 'self';script-src 'self' use.typekit.net 'nonce-GBoHX5kMf7f/aissGKlTCdJFrxJo5yEIcQqDhVpnVLo=' 'unsafe-inline';style-src 'self' use.typekit.net 'unsafe-inline';connect-src 'self';font-src 'self' data://* use.typekit.net;form-action 'self';img-src 'self' p.typekit.net;object-src 'none';frame-ancestors 'none';base-uri 'self'
          X-Frame-Options: SAMEORIGIN
          X-Content-Type-Options: nosniff
          blazor-enhanced-nav: allow
          Strict-Transport-Security: max-age=15724800; includeSubDomains
          content-length: 6879
          
          
          Response body (6879 bytes)
          Parameter
          .AspNetCore.Antiforgery.VyLW6ORzMgk
          Evidence
          Set-Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk
          Solution

          Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.

  4. Risk=Informational, Confidence=Medium (3)

    1. https://umbrella.unlockeddata.com (3)

      1. Modern Web Application (1)
        1. GET https://umbrella.unlockeddata.com
          Alert description

          The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.

          Other info

          No links have been found while there are scripts, which is an indication that this is a modern web application.

          Request
          Request line and header section (251 bytes)
          GET https://umbrella.unlockeddata.com HTTP/1.1
          host: umbrella.unlockeddata.com
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
          pragma: no-cache
          cache-control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (962 bytes)
          HTTP/1.1 200 OK
          Date: Tue, 30 Jan 2024 08:54:05 GMT
          Content-Type: text/html; charset=utf-8
          Connection: keep-alive
          Cache-Control: no-cache, no-store, max-age=0
          Pragma: no-cache
          Set-Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8EWFfaRpmtJKgYPmgI9VVQw15ZG5P_bAnXqA6RA-46WCOM_qAA8-mZeOd2WrCA118skRRmVtBo_A8BbjBGkcGE5hUga3E1UF2kX6sPa8kCDgkQxLwJJbu3gBiMo2Q3TQ2WIM3bU1Wanpx7LwJrX5klc; path=/; samesite=strict; httponly
          Content-Security-Policy: default-src 'self';script-src 'self' use.typekit.net 'nonce-GBoHX5kMf7f/aissGKlTCdJFrxJo5yEIcQqDhVpnVLo=' 'unsafe-inline';style-src 'self' use.typekit.net 'unsafe-inline';connect-src 'self';font-src 'self' data://* use.typekit.net;form-action 'self';img-src 'self' p.typekit.net;object-src 'none';frame-ancestors 'none';base-uri 'self'
          X-Frame-Options: SAMEORIGIN
          X-Content-Type-Options: nosniff
          blazor-enhanced-nav: allow
          Strict-Transport-Security: max-age=15724800; includeSubDomains
          content-length: 6879
          
          
          Response body (6879 bytes)
          <!DOCTYPE html>
          <html lang="en"><head><meta charset="utf-8">
              <meta name="viewport" content="width=device-width">
              <title>Unlocked Data</title>
              <base href="//" />
          
              
              <link href="_content/UnlockedData.Unlock8s.StaticContent/lib/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
          
              
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/font-awesome/v4/font-awesome.min.css" rel="stylesheet">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/font-awesome/css/all.css" rel="stylesheet">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/themify/themify-icons.css" rel="stylesheet">
          
              <link href="_content/UnlockedData.Mapael/mapael.css" rel="stylesheet">
          
             
          
              
              <link href="_content/Blazored.Typeahead/blazored-typeahead.css" rel="stylesheet">
          
          
              
              <link href="_content/UnlockedData.JVectorMap/jvectormap.css" rel="stylesheet">
              <link href="_content/UnlockedData.Chartist.Blazor/chartist.css" rel="stylesheet">
              <link href="_content/UnlockedData.EasyPieChart/easyPieChart.css" rel="stylesheet">
              <link href="_content/UnlockedData.Mapael/mapael.css" rel="stylesheet">
              <link href="_content/UnlockedData.BlazorTour/blazorTour.css" rel="stylesheet">
              
          
              
          
              <link href="_content/UnlockedData.Unlock8s.StaticContent/favicon.ico" rel="shortcut icon">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/unlocked.min.css" rel="stylesheet">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/print.min.css" rel="stylesheet">
              <link href="Unlock8s.ClientServices.Backend.styles.css" rel="stylesheet">
              <link href="custom.css" rel="stylesheet">
              <!--Blazor:{"type":"server","key":{"locationHash":"77D12F14A8105320B1AAED6AE7E689DA0EC4483270A645E84079EAA0FFDF550D:9","formattedComponentKey":""},"sequence":0,"descriptor":"CfDJ8EWFfaRpmtJKgYPmgI9VVQzpEeZ4I\u002BTHhLKY/RfdZjGrZwRORfbX9H1EJwxaCnsQTjkeKHjfwmuAbN6qc7CsGfHRHI//VOPpLyLJy33fBSna7NDtrr4sviw8AK76Wd2Dee0rbQ8IqJ8yzvGqi8\u002Be6Ulc0sV9YSc/f1N6jNshDUIwLiCnBRRqp2qtd/ENcnSQS9Ml6SWqtjxDZYT3R3AJ7iPtcP2YQx2U93PES8xjsiMCabmq8JnYJphpBsxBCRr0cwSwV1Ty3Jn6DBbIdXGBU4vy5vkxsJkFs0UV5mUjdgVOzY7sypY5fe1FTzabIX3JI8h9pklOsd2M1NJLa0p8Wp/KCB5R5m3wQZku9tJZqGs0n0KLZo93Yd8ttVxCtymGfmW7moy7NSK7gW66gr5ikgzj9WTkhxNJy3hWhr\u002BSN8zi7mtWthVANObdo4MRPyJA9Yhte4oZQs7TdtXE1HODq0rD82sSJuna0sDaVDKvTSEbzdEa9xeTHFO8C1RMh5ka9mPlksMsLPp1MvwKWlO/hXyWsndzkTfR9GcSMENpYmCzNYTpkyEJZYzZchrATlbnBvj7zrCX6Aha5dZjGZ6BM04="}--></head>
          <body class="sidebar-mini" id="page"><!--Blazor:{"type":"server","key":{"locationHash":"60742154495B8270400EF25C2EE160147BAE6475C664F3BE9AC29F0822010998:14","formattedComponentKey":""},"sequence":1,"descriptor":"CfDJ8EWFfaRpmtJKgYPmgI9VVQzPdYzEEAZMgj\u002BlJ6LF9k6un\u002BELII08KjDz8DThLw8mAcB6nJaQ26RNvT\u002BuQ5E4aQIC4KUUXEiY8NE55tNr/m9PN023kv0CVS0qV70mmP9lG6PI59C2D10bi/zm9c1OqqI8MO/4PiH0eGz/69qlV2HXkctPQg1cfHxSexl4uIIWwzjTN\u002BZ9pG6JyAvh8JwcyIiTx5KVvvL94xI8fZ/4nEwa8i4c90F64o7jimXhpXDF2urcaMZhS0ySeFG5ZWIvFIJnCIls2Zl3Cx4vfM9QaxulhsmY39dW2qJ5bL80wCRpK4/siz8T3bfutJ37WgVuxGMbAEMKeoBDPHM4gplvciuTsX3qREj7aEUNB2HpCU70qbbvhYKoumd86yyFomW0wP1toYbPeyApVEyM/fwsU3a1ba\u002BmncmTJCJcLMBugpX4/6GevaFi7zhkz7t7oJmLGqX8j/K0jS3ZSMCcuvZHPqVlcRfX4WTy8cUTtzjt7BomWlD2iPFM/3mkOxvuOVJga87ooPFSPqFoG1zlIRvWMQ7o5fYz\u002Bdl\u002BpLYnrDfmBofKElvXoLHQeq3gIUuZdxyD8e5hBMkP807qLGqMoP2N0J\u002BB"}-->
          
          <div id="blazor-error-ui">
                    An error has occurred. This app may no longer respond until reloaded.
                </div>
          
          
          <script src="_framework/blazor.web.js" asp-add-nonce="true"></script>
          
          
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/core/jquery.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/core/popper.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/bootstrap/dist/js/bootstrap.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/moment.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/bootstrap-switch.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/jquery.validate.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/bootstrap-tagsinput.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/paper-dashboard.js?v=2.1.1" type="text/javascript"></script>
          
          
          <script src="_content/UnlockedData.EasyPieChart/easyPieChartJquery.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.NoUiSlider/nouislider.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.NoUiSlider/blazorNoUISliderInterop.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/jquery-jvectormap-2.0.5.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/jVectorMapInterop.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/maps/world_mill.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/maps/Map_UK.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.Mapael/js/mapael.dependencies.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Mapael/js/mapael.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Mapael/js/unlockeddata.mapael.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Mapael/js/maps/world_countries_miller.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.Chartist.Blazor/chartist.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Chartist.Blazor/blazorChartistInterop.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.BlazorTour/bootstrap-tour.js" asp-add-nonce="true"></script>
          
          
          
          
          <script src="_content/Blazored.Typeahead/blazored-typeahead.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.Unlock8s.StaticContent/scripts/unlockedLibrary.js" asp-add-nonce="true"></script></body></html>
          Evidence
          <script src="_framework/blazor.web.js" asp-add-nonce="true"></script>
          Solution

          This is an informational alert and so no changes are required.

      2. Session Management Response Identified (1)
        1. GET https://umbrella.unlockeddata.com
          Alert tags
          Alert description

          The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to "Auto-Detect" then this rule will change the session management to use the tokens identified.

          Other info

          cookie:.AspNetCore.Antiforgery.VyLW6ORzMgk

          Request
          Request line and header section (251 bytes)
          GET https://umbrella.unlockeddata.com HTTP/1.1
          host: umbrella.unlockeddata.com
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
          pragma: no-cache
          cache-control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (962 bytes)
          HTTP/1.1 200 OK
          Date: Tue, 30 Jan 2024 08:54:05 GMT
          Content-Type: text/html; charset=utf-8
          Connection: keep-alive
          Cache-Control: no-cache, no-store, max-age=0
          Pragma: no-cache
          Set-Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8EWFfaRpmtJKgYPmgI9VVQw15ZG5P_bAnXqA6RA-46WCOM_qAA8-mZeOd2WrCA118skRRmVtBo_A8BbjBGkcGE5hUga3E1UF2kX6sPa8kCDgkQxLwJJbu3gBiMo2Q3TQ2WIM3bU1Wanpx7LwJrX5klc; path=/; samesite=strict; httponly
          Content-Security-Policy: default-src 'self';script-src 'self' use.typekit.net 'nonce-GBoHX5kMf7f/aissGKlTCdJFrxJo5yEIcQqDhVpnVLo=' 'unsafe-inline';style-src 'self' use.typekit.net 'unsafe-inline';connect-src 'self';font-src 'self' data://* use.typekit.net;form-action 'self';img-src 'self' p.typekit.net;object-src 'none';frame-ancestors 'none';base-uri 'self'
          X-Frame-Options: SAMEORIGIN
          X-Content-Type-Options: nosniff
          blazor-enhanced-nav: allow
          Strict-Transport-Security: max-age=15724800; includeSubDomains
          content-length: 6879
          
          
          Response body (6879 bytes)
          <!DOCTYPE html>
          <html lang="en"><head><meta charset="utf-8">
              <meta name="viewport" content="width=device-width">
              <title>Unlocked Data</title>
              <base href="//" />
          
              
              <link href="_content/UnlockedData.Unlock8s.StaticContent/lib/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
          
              
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/font-awesome/v4/font-awesome.min.css" rel="stylesheet">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/font-awesome/css/all.css" rel="stylesheet">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/themify/themify-icons.css" rel="stylesheet">
          
              <link href="_content/UnlockedData.Mapael/mapael.css" rel="stylesheet">
          
             
          
              
              <link href="_content/Blazored.Typeahead/blazored-typeahead.css" rel="stylesheet">
          
          
              
              <link href="_content/UnlockedData.JVectorMap/jvectormap.css" rel="stylesheet">
              <link href="_content/UnlockedData.Chartist.Blazor/chartist.css" rel="stylesheet">
              <link href="_content/UnlockedData.EasyPieChart/easyPieChart.css" rel="stylesheet">
              <link href="_content/UnlockedData.Mapael/mapael.css" rel="stylesheet">
              <link href="_content/UnlockedData.BlazorTour/blazorTour.css" rel="stylesheet">
              
          
              
          
              <link href="_content/UnlockedData.Unlock8s.StaticContent/favicon.ico" rel="shortcut icon">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/unlocked.min.css" rel="stylesheet">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/print.min.css" rel="stylesheet">
              <link href="Unlock8s.ClientServices.Backend.styles.css" rel="stylesheet">
              <link href="custom.css" rel="stylesheet">
              <!--Blazor:{"type":"server","key":{"locationHash":"77D12F14A8105320B1AAED6AE7E689DA0EC4483270A645E84079EAA0FFDF550D:9","formattedComponentKey":""},"sequence":0,"descriptor":"CfDJ8EWFfaRpmtJKgYPmgI9VVQzpEeZ4I\u002BTHhLKY/RfdZjGrZwRORfbX9H1EJwxaCnsQTjkeKHjfwmuAbN6qc7CsGfHRHI//VOPpLyLJy33fBSna7NDtrr4sviw8AK76Wd2Dee0rbQ8IqJ8yzvGqi8\u002Be6Ulc0sV9YSc/f1N6jNshDUIwLiCnBRRqp2qtd/ENcnSQS9Ml6SWqtjxDZYT3R3AJ7iPtcP2YQx2U93PES8xjsiMCabmq8JnYJphpBsxBCRr0cwSwV1Ty3Jn6DBbIdXGBU4vy5vkxsJkFs0UV5mUjdgVOzY7sypY5fe1FTzabIX3JI8h9pklOsd2M1NJLa0p8Wp/KCB5R5m3wQZku9tJZqGs0n0KLZo93Yd8ttVxCtymGfmW7moy7NSK7gW66gr5ikgzj9WTkhxNJy3hWhr\u002BSN8zi7mtWthVANObdo4MRPyJA9Yhte4oZQs7TdtXE1HODq0rD82sSJuna0sDaVDKvTSEbzdEa9xeTHFO8C1RMh5ka9mPlksMsLPp1MvwKWlO/hXyWsndzkTfR9GcSMENpYmCzNYTpkyEJZYzZchrATlbnBvj7zrCX6Aha5dZjGZ6BM04="}--></head>
          <body class="sidebar-mini" id="page"><!--Blazor:{"type":"server","key":{"locationHash":"60742154495B8270400EF25C2EE160147BAE6475C664F3BE9AC29F0822010998:14","formattedComponentKey":""},"sequence":1,"descriptor":"CfDJ8EWFfaRpmtJKgYPmgI9VVQzPdYzEEAZMgj\u002BlJ6LF9k6un\u002BELII08KjDz8DThLw8mAcB6nJaQ26RNvT\u002BuQ5E4aQIC4KUUXEiY8NE55tNr/m9PN023kv0CVS0qV70mmP9lG6PI59C2D10bi/zm9c1OqqI8MO/4PiH0eGz/69qlV2HXkctPQg1cfHxSexl4uIIWwzjTN\u002BZ9pG6JyAvh8JwcyIiTx5KVvvL94xI8fZ/4nEwa8i4c90F64o7jimXhpXDF2urcaMZhS0ySeFG5ZWIvFIJnCIls2Zl3Cx4vfM9QaxulhsmY39dW2qJ5bL80wCRpK4/siz8T3bfutJ37WgVuxGMbAEMKeoBDPHM4gplvciuTsX3qREj7aEUNB2HpCU70qbbvhYKoumd86yyFomW0wP1toYbPeyApVEyM/fwsU3a1ba\u002BmncmTJCJcLMBugpX4/6GevaFi7zhkz7t7oJmLGqX8j/K0jS3ZSMCcuvZHPqVlcRfX4WTy8cUTtzjt7BomWlD2iPFM/3mkOxvuOVJga87ooPFSPqFoG1zlIRvWMQ7o5fYz\u002Bdl\u002BpLYnrDfmBofKElvXoLHQeq3gIUuZdxyD8e5hBMkP807qLGqMoP2N0J\u002BB"}-->
          
          <div id="blazor-error-ui">
                    An error has occurred. This app may no longer respond until reloaded.
                </div>
          
          
          <script src="_framework/blazor.web.js" asp-add-nonce="true"></script>
          
          
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/core/jquery.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/core/popper.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/bootstrap/dist/js/bootstrap.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/moment.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/bootstrap-switch.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/jquery.validate.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/bootstrap-tagsinput.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/paper-dashboard.js?v=2.1.1" type="text/javascript"></script>
          
          
          <script src="_content/UnlockedData.EasyPieChart/easyPieChartJquery.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.NoUiSlider/nouislider.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.NoUiSlider/blazorNoUISliderInterop.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/jquery-jvectormap-2.0.5.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/jVectorMapInterop.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/maps/world_mill.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/maps/Map_UK.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.Mapael/js/mapael.dependencies.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Mapael/js/mapael.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Mapael/js/unlockeddata.mapael.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Mapael/js/maps/world_countries_miller.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.Chartist.Blazor/chartist.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Chartist.Blazor/blazorChartistInterop.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.BlazorTour/bootstrap-tour.js" asp-add-nonce="true"></script>
          
          
          
          
          <script src="_content/Blazored.Typeahead/blazored-typeahead.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.Unlock8s.StaticContent/scripts/unlockedLibrary.js" asp-add-nonce="true"></script></body></html>
          Parameter
          .AspNetCore.Antiforgery.VyLW6ORzMgk
          Evidence
          CfDJ8EWFfaRpmtJKgYPmgI9VVQw15ZG5P_bAnXqA6RA-46WCOM_qAA8-mZeOd2WrCA118skRRmVtBo_A8BbjBGkcGE5hUga3E1UF2kX6sPa8kCDgkQxLwJJbu3gBiMo2Q3TQ2WIM3bU1Wanpx7LwJrX5klc
          Solution

          This is an informational alert rather than a vulnerability and so there is nothing to fix.

      3. User Agent Fuzzer (1)
        1. GET https://umbrella.unlockeddata.com
          Alert tags
          Alert description

          Check for differences in response based on a fuzzed User Agent (e.g. mobile sites, access as a search engine crawler). Compares the response status code and the hash code of the response body with the original response.

          Request
          Request line and header section (190 bytes)
          GET https://umbrella.unlockeddata.com HTTP/1.1
          host: umbrella.unlockeddata.com
          user-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
          pragma: no-cache
          cache-control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (962 bytes)
          HTTP/1.1 200 OK
          Date: Tue, 30 Jan 2024 08:54:27 GMT
          Content-Type: text/html; charset=utf-8
          Connection: keep-alive
          Cache-Control: no-cache, no-store, max-age=0
          Pragma: no-cache
          Set-Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8EWFfaRpmtJKgYPmgI9VVQwwFFM98EMZQvR7TWaGQDX9FMoL_ZdadJxQIdmsUZ8J_qLXmD7NEJT0ihAMDFq-gWDOGNSbvtRxK4AOiW5QlQISSJQkPD404c5dyMfAGcP3R84MZ6p778AUcA0dDVFr5oQ; path=/; samesite=strict; httponly
          Content-Security-Policy: default-src 'self';script-src 'self' use.typekit.net 'nonce-PsfxkJNyA9AU2XfGB7cel4GNXGKDckpdWQYX/QHr2d8=' 'unsafe-inline';style-src 'self' use.typekit.net 'unsafe-inline';connect-src 'self';font-src 'self' data://* use.typekit.net;form-action 'self';img-src 'self' p.typekit.net;object-src 'none';frame-ancestors 'none';base-uri 'self'
          X-Frame-Options: SAMEORIGIN
          X-Content-Type-Options: nosniff
          blazor-enhanced-nav: allow
          Strict-Transport-Security: max-age=15724800; includeSubDomains
          content-length: 6914
          
          
          Response body (6914 bytes)
          <!DOCTYPE html>
          <html lang="en"><head><meta charset="utf-8">
              <meta name="viewport" content="width=device-width">
              <title>Unlocked Data</title>
              <base href="//" />
          
              
              <link href="_content/UnlockedData.Unlock8s.StaticContent/lib/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
          
              
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/font-awesome/v4/font-awesome.min.css" rel="stylesheet">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/font-awesome/css/all.css" rel="stylesheet">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/themify/themify-icons.css" rel="stylesheet">
          
              <link href="_content/UnlockedData.Mapael/mapael.css" rel="stylesheet">
          
             
          
              
              <link href="_content/Blazored.Typeahead/blazored-typeahead.css" rel="stylesheet">
          
          
              
              <link href="_content/UnlockedData.JVectorMap/jvectormap.css" rel="stylesheet">
              <link href="_content/UnlockedData.Chartist.Blazor/chartist.css" rel="stylesheet">
              <link href="_content/UnlockedData.EasyPieChart/easyPieChart.css" rel="stylesheet">
              <link href="_content/UnlockedData.Mapael/mapael.css" rel="stylesheet">
              <link href="_content/UnlockedData.BlazorTour/blazorTour.css" rel="stylesheet">
              
          
              
          
              <link href="_content/UnlockedData.Unlock8s.StaticContent/favicon.ico" rel="shortcut icon">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/unlocked.min.css" rel="stylesheet">
              <link href="_content/UnlockedData.Unlock8s.StaticContent/css/print.min.css" rel="stylesheet">
              <link href="Unlock8s.ClientServices.Backend.styles.css" rel="stylesheet">
              <link href="custom.css" rel="stylesheet">
              <!--Blazor:{"type":"server","key":{"locationHash":"77D12F14A8105320B1AAED6AE7E689DA0EC4483270A645E84079EAA0FFDF550D:9","formattedComponentKey":""},"sequence":0,"descriptor":"CfDJ8EWFfaRpmtJKgYPmgI9VVQyIazamlz4CeboPscDLfWj6AbXD9qZiXtmeB5fc/5E2Qm2MXQQbffMPsZrv0aVCQpCK/PpWHYwegyvC/aWbr0lb5ocn\u002B7cDk3U5iERSaMWkMlB0pSKvqjHa99Wpbtv\u002BEXjehb1QNAAMqEhYqp5dBkmCCiiAnnruHpZ8oiH\u002B3lbXzMik5d9z339i1M3hloU9U4SShhzVEC5XmD7Vyn35E8r0GCv5m0OvB\u002BtRpyfULcrkSUitNq5TJB5yINn\u002BQJJATP7Yr547QOCAgAze92wVsm2pqXT2YLcG26JlGFi5\u002BOmSln6ar8N9FH4sUC4tvZWdHRMwywky9JJTJFu5iWI9HZvM5yLNHjaq9wvPdLbO9cqvAwKduAW6WRnH4tltWNdJBMYxQhYyMYAEu7\u002ByOWN1Ww6ZMWc\u002BrBuEKVBONRniQhVB8lPMrkLMTsDQKAdS23pxlhjcZAqFohTIprU6AUxAnCMwF9VmBky23zhEqEwHfcw/xYf61b7dDdQZsEmnQNSgVIyTxPSIcy2QaOMoVbFaAF3\u002Bviz8N5ELxe17YYS4hUTVF\u002BYg5ULRFr5TK87MB3dGFyk="}--></head>
          <body class="sidebar-mini" id="page"><!--Blazor:{"type":"server","key":{"locationHash":"60742154495B8270400EF25C2EE160147BAE6475C664F3BE9AC29F0822010998:14","formattedComponentKey":""},"sequence":1,"descriptor":"CfDJ8EWFfaRpmtJKgYPmgI9VVQyGznSqYAZxNaBtvmmADuAY7eFXFtOGG7JTSBWjQTHPU0jgX1qL5qRN6sPRtCFJmXv8a1giDKi8HzsYwRoUyO9tAv9KSuSq7boDBfdsZ/yhPk45CKamp6R0Sp5AofLp7WzcXIzI8KddjTQyxvhRSj\u002B4Si\u002B9DNAzPdIFCfV9jP/6atqhFE0ont8WmPLm7ZjAGiEj580AK\u002BhiS72Xr25YRJS4NPwVrRfBs3tUAVyBsCi\u002BgkRyFCU6qSSj8CIOqh5zwMbx73qRnkid3ikWeh6bF0TF5cnGlK4TPI4blButFd9b\u002BcJ5hpsjlKRygre4G45JADBqGRyC5QuGk34NScqv1LDgMkwnhXGk05V93c3s1s6ARP1Mpz/mkS5BnG7C\u002BTqwQg7xdvyV53D\u002BL15ivHqtG/Y67KtokyuxniaGL152a4iEqzYpYNX\u002B5E6A/QMsx3lSkXxrs2FyTHPA3knES72rworakPwAIakPLzuMdpH7lsz8StyqKSRFpejZ0XhPnYl7OvokIQ1oVTsUGcC9xsrq3XxQLReMwWItOipZaSC2PTmSL8RQ8cXYEGsIljnSuhh99SY0r/emHJ7r/gSu/5dFw8N3"}-->
          
          <div id="blazor-error-ui">
                    An error has occurred. This app may no longer respond until reloaded.
                </div>
          
          
          <script src="_framework/blazor.web.js" asp-add-nonce="true"></script>
          
          
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/core/jquery.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/core/popper.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/bootstrap/dist/js/bootstrap.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/moment.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/bootstrap-switch.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/jquery.validate.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/plugins/bootstrap-tagsinput.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Unlock8s.StaticContent/lib/paperDashboard2/js/paper-dashboard.js?v=2.1.1" type="text/javascript"></script>
          
          
          <script src="_content/UnlockedData.EasyPieChart/easyPieChartJquery.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.NoUiSlider/nouislider.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.NoUiSlider/blazorNoUISliderInterop.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/jquery-jvectormap-2.0.5.min.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/jVectorMapInterop.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/maps/world_mill.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.JVectorMap/maps/Map_UK.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.Mapael/js/mapael.dependencies.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Mapael/js/mapael.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Mapael/js/unlockeddata.mapael.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Mapael/js/maps/world_countries_miller.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.Chartist.Blazor/chartist.js" asp-add-nonce="true"></script>
          <script src="_content/UnlockedData.Chartist.Blazor/blazorChartistInterop.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.BlazorTour/bootstrap-tour.js" asp-add-nonce="true"></script>
          
          
          
          
          <script src="_content/Blazored.Typeahead/blazored-typeahead.js" asp-add-nonce="true"></script>
          
          <script src="_content/UnlockedData.Unlock8s.StaticContent/scripts/unlockedLibrary.js" asp-add-nonce="true"></script></body></html><!--Blazor-Server-Component-State:CfDJ8EWFfaRpmtJKgYPmgI9VVQyasdny/71isBf9+5wEnpSL0rQjvvRGymHAlj5pKI7DkxUrRz1mM/Cxqe7w8H0fiInIUBbNB1EvM/bz/MTzPLuxHi9X01ko14yjnfwO9VmV0IkXRjTW+AP4UyMWZtzqE9zNwgWCHpXk7ApI1r1xxWYYL1Clp5MQNG4BQOgbQNWm89DzPn5t2e4TZhC/zve77+vYRF4EY5+sqyo5SsIVfJH4ZMweROP/SDuFU4zs3s4qlm7cv/e8HhoyBonMNwL0Wog2aVd5Co4EhJW9r/B7/Qb5t/2xjGZuS+FaP5iRZicv5/cgOGnlN54iuV4dcmZOwUq+DKr3ru6v0fCETERqQQZ5KcAtP7ULw645+DzVd8giR0sg4XNV/5BP5BgrmdWSoJD+uMeiryWB0NEfMHM7d56ML7ZWMOXinxMa9ceg68mucqXq0GM0n5TULufhRAE1Oc/DcMrwLAlcjKmPE4KgUpceJ8u3RqGf8Bbvv3wEwYlIWlOaMaqopSH3GgEdZ0mxz/M2Ks/GtV3m3frWGuTuyfbT-->
          Parameter
          Header User-Agent
          Attack
          Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
  5. Risk=Informational, Confidence=Low (1)

    1. https://umbrella.unlockeddata.com (1)

      1. Re-examine Cache-control Directives (1)
        1. GET https://umbrella.unlockeddata.com
          Alert tags
          Alert description

          The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.

          Request
          Request line and header section (251 bytes)
          GET https://umbrella.unlockeddata.com HTTP/1.1
          host: umbrella.unlockeddata.com
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
          pragma: no-cache
          cache-control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (962 bytes)
          HTTP/1.1 200 OK
          Date: Tue, 30 Jan 2024 08:54:05 GMT
          Content-Type: text/html; charset=utf-8
          Connection: keep-alive
          Cache-Control: no-cache, no-store, max-age=0
          Pragma: no-cache
          Set-Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8EWFfaRpmtJKgYPmgI9VVQw15ZG5P_bAnXqA6RA-46WCOM_qAA8-mZeOd2WrCA118skRRmVtBo_A8BbjBGkcGE5hUga3E1UF2kX6sPa8kCDgkQxLwJJbu3gBiMo2Q3TQ2WIM3bU1Wanpx7LwJrX5klc; path=/; samesite=strict; httponly
          Content-Security-Policy: default-src 'self';script-src 'self' use.typekit.net 'nonce-GBoHX5kMf7f/aissGKlTCdJFrxJo5yEIcQqDhVpnVLo=' 'unsafe-inline';style-src 'self' use.typekit.net 'unsafe-inline';connect-src 'self';font-src 'self' data://* use.typekit.net;form-action 'self';img-src 'self' p.typekit.net;object-src 'none';frame-ancestors 'none';base-uri 'self'
          X-Frame-Options: SAMEORIGIN
          X-Content-Type-Options: nosniff
          blazor-enhanced-nav: allow
          Strict-Transport-Security: max-age=15724800; includeSubDomains
          content-length: 6879
          
          
          Response body (6879 bytes)
          Parameter
          cache-control
          Evidence
          no-cache, no-store, max-age=0
          Solution

          For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public, max-age, immutable".

Appendix

Alert types

This section contains additional information on the types of alerts in the report.

  1. CSP: style-src unsafe-inline

    Source: raised by a passive scanner (CSP)
    CWE ID: 693
    WASC ID: 15
    Reference:
    1. http://www.w3.org/TR/CSP2/
    2. http://www.w3.org/TR/CSP/
    3. http://caniuse.com/#search=content+security+policy
    4. http://content-security-policy.com/
    5. https://github.com/shapesecurity/salvation
    6. https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources

  2. Hidden File Found

    Source: raised by an active scanner (Hidden File Finder)
    CWE ID: 538
    WASC ID: 13
    Reference:
    1. https://blog.hboeck.de/archives/892-Introducing-Snallygaster-a-Tool-to-Scan-for-Secrets-on-Web-Servers.html

  3. Cookie Without Secure Flag

    Source: raised by a passive scanner (Cookie Without Secure Flag)
    CWE ID: 614
    WASC ID: 13
    Reference:
    1. https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html

  4. Modern Web Application

    Source: raised by a passive scanner (Modern Web Application)

  5. Re-examine Cache-control Directives

    Source: raised by a passive scanner (Re-examine Cache-control Directives)
    CWE ID: 525
    WASC ID: 13
    Reference:
    1. https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching
    2. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
    3. https://grayduck.mn/2021/09/13/cache-control-recommendations/

  6. Session Management Response Identified

    Source: raised by a passive scanner (Session Management Response Identified)
    Reference:
    1. https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id

  7. User Agent Fuzzer

    Source: raised by an active scanner (User Agent Fuzzer)
    Reference:
    1. https://owasp.org/wstg