I have implemented a web chat using openfire enabling http-bind, but using owasp zap, i have find these vulnerabilities related to http-bind url:
- Incomplete or No-Cache control and Pragma HTTP header set
- Web Browser XSS Protection not enabled
- X-Content-Type-Options header missing
How can I fix them?