Other Security Considerations

This section describes a few security vulnerabilities and how to handle them in HATS.

Issue: Weak Password policy
Issue: Account Lockout threshold missing
Issue: Clickjacking
Issue: Missing or insecure Cross-Frame Scripting Defence
Issue: Cacheable HTTPS Response
Issue: Cookie without Secure flag set
Issue: Version Information Disclosure
Issue: Missing HTTP Strict-Transport-Security Header
Issue: Missing "X-Content-Type-Options" header
Issue: Missing "XSS-Protection" header
Issue: Missing "Content-Security-Policy" header
Issue: Password field with autocomplete enabled
Issue: Session Fixation Prevention
Issue: Session Hijacking
Issue: CSRF Attacks
Issue: Base Tag Hijacking