2021-12-11 22:18:48 +05:30
---
stage: Secure
group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# DAST browser-based crawler vulnerability checks **(ULTIMATE)**
The [DAST browser-based crawler ](../browser_based.md ) provides a number of vulnerability checks that are used to scan for vulnerabilities in the site under test.
| ID | Check | Severity | Type |
|:---|:------|:---------|:-----|
2022-04-04 11:22:00 +05:30
| [1004.1 ](1004.1.md ) | Sensitive cookie without HttpOnly attribute | Low | Passive |
2021-12-11 22:18:48 +05:30
| [16.1 ](16.1.md ) | Missing Content-Type header | Low | Passive |
| [16.2 ](16.2.md ) | Server header exposes version information | Low | Passive |
| [16.3 ](16.3.md ) | X-Powered-By header exposes version information | Low | Passive |
| [16.4 ](16.4.md ) | X-Backend-Server header exposes server information | Info | Passive |
2022-01-26 12:08:38 +05:30
| [16.5 ](16.5.md ) | AspNet header exposes version information | Low | Passive |
| [16.6 ](16.6.md ) | AspNetMvc header exposes version information | Low | Passive |
2022-07-23 23:45:48 +05:30
| [16.7 ](16.7.md ) | Strict-Transport-Security header missing or invalid | Low | Passive |
2022-04-04 11:22:00 +05:30
| [200.1 ](200.1.md ) | Exposure of sensitive information to an unauthorized actor (private IP address) | Low | Passive |
2022-07-23 23:45:48 +05:30
| [209.1 ](209.1.md ) | Generation of error message containing sensitive information | Low | Passive |
| [319.1 ](319.1.md ) | Mixed Content | Info | Passive |
| [352.1 ](352.1.md ) | Absence of anti-CSRF tokens | Medium | Passive |
2022-07-16 23:28:13 +05:30
| [359.1 ](359.1.md ) | Exposure of Private Personal Information (PII) to an unauthorized actor (credit card) | Medium | Passive |
| [359.2 ](359.2.md ) | Exposure of Private Personal Information (PII) to an unauthorized actor (United States social security number) | Medium | Passive |
2022-04-04 11:22:00 +05:30
| [548.1 ](548.1.md ) | Exposure of information through directory listing | Low | Passive |
2022-05-07 20:08:51 +05:30
| [598.1 ](598.1.md ) | Use of GET request method with sensitive query strings (session ID) | Medium | Passive |
2022-06-21 17:19:12 +05:30
| [598.2 ](598.2.md ) | Use of GET request method with sensitive query strings (password) | Medium | Passive |
| [598.3 ](598.3.md ) | Use of GET request method with sensitive query strings (Authorization header details) | Medium | Passive |
2022-07-23 23:45:48 +05:30
| [601.1 ](601.1.md ) | URL redirection to untrusted site ('open redirect') | Low | Passive |
2022-04-04 11:22:00 +05:30
| [614.1 ](614.1.md ) | Sensitive cookie without Secure attribute | Low | Passive |
2021-12-11 22:18:48 +05:30
| [693.1 ](693.1.md ) | Missing X-Content-Type-Options: nosniff | Low | Passive |
2022-06-21 17:19:12 +05:30
| [829.1 ](829.1.md ) | Inclusion of Functionality from Untrusted Control Sphere | Low | Passive |
| [829.2 ](829.2.md ) | Invalid Sub-Resource Integrity values detected | Medium | Passive |
