Findings

Missing required headers

Updated: June 19, 2025

Description

Severity: High

Some required headers are missing.

Certain headers, such as Cache-Control, Content-Security-Policy, Strict-Transport-Security, and X-Content-Type-Options, are crucial for enforcing security policies and mechanisms. Their absence can expose the API to security issues such as caching of sensitive data, XSS (Cross-Site Scripting), or insecure content handling.

Remediation

Ensure that all required headers are included in responses.
