# Origin Security Fixes Report ## Fixes ### High Risk Issues - There was no high risk issue found ### Medium Risk Findings - M1. Potential clickjacking attack: - Solved ### Low Risk Findings - L1. Insecure version of transport security protocol is supported - Solved - L2. The application server supports TLS cipher suites without forward security - Solved - L3. Browser cross-site scripting filter misconfiguration - Solved - L4. Strict-Transport-Security misconfiguration - Pendent. Could not test this against the browser. Trying to figure out another way to test this locally before deployment - L5. Cross-domain policy misconfiguration - Solved - L6. Platform information is disclosed in server's responses - Solved - L7. Auto-complete feature is not disabled for password fields - Not solved for `api.useorigin.com/admin` because the cost of changing this was too high for its relevance.