⚠️ Strict-Transport-Security: NO configurado
Protege contra downgrade attacks
⚠️ X-Frame-Options: NO configurado
Previene clickjacking
⚠️ X-Content-Type-Options: NO configurado
Previene MIME sniffing
⚠️ Content-Security-Policy: NO configurado
Previene XSS
⚠️ X-XSS-Protection: NO configurado
Protección XSS del navegador
Intentos de inyección comunes (simulados):
' OR '1'='1 - Sería bloqueado por PDO prepared statements'; DROP TABLE alertas; -- - Sería bloqueado por PDO prepared statements1' UNION SELECT username, password FROM users -- - Sería bloqueado por PDO prepared statements<script>alert('XSS')</script> - Sería bloqueado por PDO prepared statements✅ Usas PDO prepared statements, estás protegido contra inyección SQL
| Campo | Valor Válido | Valor Inválido | Estado |
|---|---|---|---|
| tipo | robo |
<script>alert()</script> |
✅ Validado en backend |
| titulo | Alerta normal |
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
✅ Validado en backend |
| prioridad | alta |
super-alta |
✅ Validado en backend |
⚠️ /backend/microservices/alertas/index.php: 0644 (debería ser 644)
⚠️ /.htaccess: 0644 (debería ser 644)