This section explains the limitations of the import script and the manual changes that can be applied for the findings it does not cover.

DAST scanners can report many issues that the avi-iwaf-vpatch.py script does not handle. Many of them are beyond the scope of a WAF, but some can be mitigated with the appropriate settings in NSX Advanced Load Balancer. Following are some examples:

  1. Issues related to clickjacking can be mitigated by adding an X-Frame-Options HTTP header with the value DENY or SAMEORIGIN. In the NSX Advanced Load Balancer admin UI, navigate to Virtualservice > Policies > HTTP Response, add a rule, and select the Add Header action.

  2. Some cookie-related issues are the following:

    1. A cookie has been set without the HttpOnly flag.

    2. A cookie does not contain the Secure attribute.

    These can be fixed by selecting the appropriate options under Application Profile > Security, which make the load balancer add the HttpOnly and Secure attributes to cookies set by the application.
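After applying either change in the UI, you will want to confirm that the response as seen by a client actually carries the header and the cookie attributes, since a DAST re-scan is slow and the settings are easy to apply to the wrong virtual service or profile. The script below is an added example, not part of the NSX Advanced Load Balancer product or of the avi-iwaf-vpatch.py script; it re-implements the three checks above over a list of response headers. The sample "before" and "after" responses are constructed for illustration, and the `fetch_headers` helper is a hypothetical convenience wrapper around `urllib`.

```python
"""Verify clickjacking and cookie-flag mitigations on an HTTP response.

Added example for this page: not product code. It reproduces the checks a
DAST scanner makes for the findings discussed above, so the UI change can be
confirmed from a captured (or live) response.
"""
import urllib.request

# X-Frame-Options values that actually prevent framing. ALLOW-FROM is
# obsolete and ignored by current browsers, so it is reported as a finding.
FRAMING_SAFE = {"DENY", "SAMEORIGIN"}


def check_frame_options(headers):
    """Return findings about clickjacking protection.

    headers: list of (name, value) tuples, as returned by
    http.client.HTTPResponse.getheaders() or constructed by hand.
    """
    findings = []
    values = [v.strip() for n, v in headers if n.lower() == "x-frame-options"]
    if not values:
        findings.append("X-Frame-Options header missing")
    elif len(values) > 1:
        # Conflicting or duplicated values: browsers may ignore the header.
        findings.append("X-Frame-Options sent more than once")
    elif values[0].upper() not in FRAMING_SAFE:
        findings.append(f"X-Frame-Options value {values[0]!r} does not block framing")
    return findings


def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; values (Path=/, Max-Age=..) are dropped.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def check_cookies(headers):
    """Return findings for every Set-Cookie lacking HttpOnly or Secure."""
    findings = []
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(v)
        if "httponly" not in attrs:
            findings.append(f"cookie {name!r} set without HttpOnly")
        if "secure" not in attrs:
            findings.append(f"cookie {name!r} set without Secure")
    return findings


def audit_headers(headers):
    """Combine both checks; an empty list means the findings are mitigated."""
    return check_frame_options(headers) + check_cookies(headers)


def fetch_headers(url):
    """Hypothetical helper: fetch a URL and return its headers as tuples.

    Multiple Set-Cookie headers are returned as separate tuples, which is
    what the checks above expect.
    """
    with urllib.request.urlopen(url) as resp:
        return resp.getheaders()


# Constructed sample responses (not captured from any real system):
# the application's own response, and the same response after the load
# balancer adds X-Frame-Options and the cookie attributes.
BEFORE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/"),
]
AFTER = [
    ("Content-Type", "text/html"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, hdrs in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(hdrs) or "no findings")
```

Run it against the virtual service's VIP rather than the backend pool member: the header and cookie attributes are added by the load balancer on the way out, so a response fetched directly from the server will still show the findings.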