1.HTML form without CSRF protection
HTML表单没有CSRF保护
2.User credentials are sent in clear text
用户得凭证信息以明文发送
3.Cookie without HttpOnly flag set
Cookie未设置HttpOnly标识
4.Login page password-guessing attack
登录页面密码猜测攻击
5.OPTIONS method is enabled
允许options类型请求方式
6.Possible sensitive directories
可能的敏感目录
