1.) Browser XSS Protection is not enabled 2.) X-Content-Type-Options header missing

[enter image description here]

Hi Friends ,

anyone heard about OWASP Zap Report ?? Scan request and response. i want create repohttps://eti-massemail.na24.visual.force.com/apex/MassEmail rt for one app of Salesforce. i face an issue in that.

how can i resolve please help me if anyone know ??

July 26, 2015
·
Answer
·
Like
0
·
Follow
2

Ben Roedell
I haven't used OWASP Zap Report yet but the issues that you're describing are likely solved by adding the appropriate URLs to Setup->Security Controls->CORS and/or Setup->Security Controls->Remote Site Settings.

Usually I wouldn't chime in with such a vague response but I figured that after two months of no replies something is better than nothing.

September 24, 2015
·
Like
0
·
Dislike
0

Gabriel Nitu
Please see Platform Security FAQS

https://developer.salesforce.com/page/Platform_Security_FAQS

October 24, 2016
·
Like
0
·
Dislike
0

You need to sign in to do that.

Need an account? Sign Up

Have an account? Sign In

Dismiss

Browse by Topic

Welcome to Support!

Show

sorted by

1.) Browser XSS Protection is not enabled 2.) X-Content-Type-Options header missing

You need to sign in to do that.