The Nikto scanner and Microsoft IIS.

WindowsGeek 21 Reputation points

I scanned my website with the Nikto scanner and it showed me the following information:

+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.  
+ The site uses SSL and Expect-CT header is not present.  
+ All CGI directories 'found', use '-C none' to test none  
+ Cookie .ASPXANONYMOUS created without the secure flag  

In the HTTP Response Headers, I defined the following parameters:


Which parameters must be added to solve those security vulnerabilities?

Thank you.

Internet Information Services

1 answer

  1. WindowsGeek 21 Reputation points

    To solve the Cookie Session Without 'Secure' Flag vulnerability, I found this tutorial. In the <system.web> element, I have the following line:

    <httpCookies httpOnlyCookies="true" requireSSL="true" domain="String" />

    But why did the problem exist?

    Thank you.
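As an added illustration (not configuration from the question or answer above), here is a web.config fragment that addresses all three Nikto findings on an ASP.NET site under IIS: the two missing response headers via <customHeaders>, and the .ASPXANONYMOUS cookie via the anonymousIdentification element, which carries its own cookieRequireSSL switch separate from <httpCookies>. The max-age values and the includeSubDomains/enforce directives are assumed choices, not values from the page; the literal domain="String" from the documented syntax is omitted because it would set the cookie domain to the text "String".

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Default for cookies ASP.NET creates: HttpOnly, and Secure on HTTPS requests -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />

    <!-- .ASPXANONYMOUS is issued by the anonymous identification module, which has its
         own cookieRequireSSL attribute (default false), so set it explicitly here
         rather than relying on <httpCookies> alone -->
    <anonymousIdentification enabled="true" cookieRequireSSL="true" />

    <!-- The Forms authentication cookie likewise has its own requireSSL switch -->
    <authentication mode="Forms">
      <forms requireSSL="true" />
    </authentication>
  </system.web>

  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- HSTS: one year, covering subdomains (assumed values) -->
        <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
        <!-- Expect-CT: one day, enforcing (assumed values) -->
        <add name="Expect-CT" value="max-age=86400, enforce" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
```

<customHeaders> attaches these headers to plain-HTTP responses as well; browsers ignore Strict-Transport-Security received over HTTP (RFC 6797), so this is harmless, but re-run Nikto against the HTTPS endpoint afterwards to confirm the four findings are gone.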