powered by Jive Software

Xss protection, x-content-type-option, no cahe control

I have implemented a web chat using openfire enabling http-bind, but using owasp zap, i have find these vulnerabilities related to http-bind url:

  • Incomplete or No-Cache control and Pragma HTTP header set
  • Web Browser XSS Protection not enabled
  • X-Content-Type-Options header missing

How can I fix them?