GDPR Art. 32
Security of processing
UnveilScan findings mapped to this control
The scanner emits 11 distinct findings on this control.
web.cookie_missing_secure
⏱ 15 min
WEB — Cookie missing Secure
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 2 other controls
web.cookie_session_without_httponly
⏱ 15 min
WEB — Session cookie without HttpOnly
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 2 other controls
web.cross_origin_password_form
⏱ 4h
WEB — Cross-origin password form
Risk if ignored: Either phishing or compromised template — credentials actively flow to a foreign origin on every submission.
security legal reputational
web.http_no_https_redirect
⏱ 15 min
WEB — HTTP no HTTPS redirect
Risk if ignored: Every first visit over http:// is a plaintext page hand-off. SSLStrip / active on-path attackers downgrade the user silently; cookies set during that visit are exposed. HSTS only helps from the SECOND visit onward.
security
web.leak.backup_sql
⏱ 15 min
WEB — Leak.backup sql
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 2 other controls
web.leak.dbdump_sql
⏱ 15 min
WEB — Leak.dbdump sql
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 2 other controls
web.leak.env_local
⏱ 4h
WEB — Leak.env local
Risk if ignored: Framework override env file typically carries production-only secrets — assume same-day credential harvest by scanners.
security financial
Also maps to 2 other controls
web.leak.wp_config_bak
⏱ 15 min
WEB — Leak.wp config bak
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 2 other controls
web.nextjs_data_leak
⏱ 1h
WEB — Next.js data leak
Risk if ignored: Credentials / tokens world-readable in page HTML. Treat leaked material as publicly burned — rotate immediately.
security financial
Also maps to 2 other controls
web.secrets_in_html
⏱ 4h
WEB — Secrets in HTML
Risk if ignored: A cloud/SaaS token is visible on every page load. Attackers scrape homepages at scale for exactly this — rotation within hours is the bare minimum.
security financial legal
web.wayback.secret
⏱ 15 min
WEB — Wayback.secret
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational