Description

The application does not restrict which browser features can be used in a document or within any iframe.

Impact

Enable browser functions that allow an attacker to compromise the confidentiality of application users.

Recommendation

- Set the Permissions-Policy header and disable all features that your application does not need.
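
One way to check a response against this recommendation, as an added example that is not part of the original entry: it parses the Permissions-Policy header and reports features that are undeclared, open to every origin, or enabled without being needed. The feature subset, function names and sample responses are assumptions constructed for illustration.

```javascript
// Illustrative subset of policy-controlled features (assumption, not a complete list).
const SENSITIVE = ['camera', 'microphone', 'geolocation', 'payment', 'usb', 'display-capture'];

// Parse 'camera=(), geolocation=(self "https://a.example")' into feature -> allowlist.
// Simplified parser: assumes no commas inside quoted origins.
function parsePermissionsPolicy(value) {
  const policy = new Map();
  for (const item of value.split(',')) {
    const eq = item.indexOf('=');
    if (eq === -1) continue;
    const feature = item.slice(0, eq).trim().toLowerCase();
    let list = item.slice(eq + 1).trim();
    if (list.startsWith('(') && list.endsWith(')')) list = list.slice(1, -1);
    policy.set(feature, list.split(/\s+/).filter(Boolean));
  }
  return policy;
}

// Audit a header map (lower-cased names); `needed` lists features the app really uses.
function auditPermissionsPolicy(headers, needed = []) {
  const raw = headers['permissions-policy'];
  if (!raw) return [{ feature: '*', issue: 'header missing' }];
  const policy = parsePermissionsPolicy(raw);
  const findings = [];
  for (const feature of SENSITIVE) {
    const allow = policy.get(feature);
    if (allow === undefined) {
      findings.push({ feature, issue: 'not declared, browser default applies' });
    } else if (allow.includes('*')) {
      findings.push({ feature, issue: 'allowed for every origin' });
    } else if (allow.length > 0 && !needed.includes(feature)) {
      findings.push({ feature, issue: 'enabled but not needed' });
    }
  }
  return findings;
}

// Constructed sample responses: no header, a partial policy, and a hardened policy.
const weak = { 'content-type': 'text/html' };
const partial = { 'permissions-policy': 'camera=*, microphone=(), geolocation=(self)' };
const hardened = {
  'permissions-policy':
    'camera=(), microphone=(), geolocation=(self), payment=(), usb=(), display-capture=()',
};
console.log(auditPermissionsPolicy(weak));
console.log(auditPermissionsPolicy(partial));
console.log(auditPermissionsPolicy(hardened, ['geolocation']));
```

An empty allowlist such as `camera=()` disables the feature for the document and every iframe, which is the form to use for anything the application does not need.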

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.

Fixes