### MEDIUM RISK

## 1. CSP: Wildcard Directive
# Eric response: Can't we update the Apache config to add a trusted source?

## 2. CSP: style-src 'unsafe-inline'
# Eric response: Accept the risk

## 3. CSP Header Not Set
# Eric response: This is Zabbix; it's for internal use. Accept the risk

## 4. CSP: script-src 'unsafe-inline'
# Eric response: This is Zabbix; it's for internal use. Accept the risk

## 5. Absence of Anti-CSRF Tokens
# Eric response: accept the risk

## 6. Source Code Disclosure - SQL
# Eric response: what source code is exposed?

## 7. Sub Resource Integrity Attribute Missing
# Eric response: Nothing currently. Can you provide the integrity tag for the concerned external script?

## 8. Vulnerable JavaScript Library
# Eric response: What's the concerned library?

## 9. Missing Anti-clickjacking Header
# Eric response:

## 10. Cross-Domain Misconfiguration
# Eric response:

### LOW RISK

## 1. Strict-Transport-Security Header Not Set
# Eric response: accept risk

## 2. Dangerous JavaScript Functions
# Eric response: Accept the risk

## 3. Server Leaks Version Information via 'Server' HTTP Response Header
# Eric response: Accept the risk

## 4. CSP: X-Content-Type-Options Header Missing
# Eric response: Accept risk

## 5. Cross-Domain JavaScript Source File Inclusion
# Eric response: accept the risk

## 6. Cookie Without Secure Flag
# Eric response: accept the risk

## 7. Cookie with SameSite Attribute None
# Eric response: accept the risk