Lighthouse Security

By Lee

A discussion of Lighthouse security, a demo penetration test at the main point of access, best practices for domain URLs, and finally some advice on not sharing ANY links in community support.

Here's the official explanation for the false positive results.

ZAP has passive scan rules that check if discovered URLs are missing from a sitemap. If it "guesses" a sitemap exists (due to a link or a response it misinterprets), it will alert you to any discrepancies it finds between that "sitemap" and the site structure it has crawled.

For obvious reasons, Lighthouse doesn't have a sitemap.xml file because the pages are private, and I use noindex, nofollow in the header.

As always, questions through support,

Cheers, Lee
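
The post says the private pages carry noindex, nofollow "in the header". The following Python check is an added example, not code from Lighthouse or from the original post; it confirms that a response really tells every crawler both things. The post does not say whether the directive is sent as an HTML meta tag or as an X-Robots-Tag HTTP header, so the check assumes either is possible and reads both; the function names and sample responses are constructed for illustration.

```python
from html.parser import HTMLParser

# Directives written as "name: value"; a colon after these is not a crawler scope.
VALUED = {"unavailable_after", "max-snippet", "max-image-preview", "max-video-preview"}

class RobotsMeta(HTMLParser):
    """Collect the content of every <meta name="robots"> tag."""
    def __init__(self):
        super().__init__()
        self.contents = []

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag == "meta" and attr.get("name", "").strip().lower() == "robots":
            self.contents.append(attr.get("content", ""))

def robots_directives(headers, body):
    """Directives that apply to every crawler, from HTTP headers and markup."""
    raw = []
    for name, value in headers:  # a list of pairs keeps repeated headers
        if name.lower() != "x-robots-tag":
            continue
        prefix, sep, _ = value.partition(":")
        scoped = sep and "," not in prefix and prefix.strip().lower() not in VALUED
        if not scoped:  # "googlebot: noindex" only covers one crawler, so skip it
            raw.append(value)
    parser = RobotsMeta()
    parser.feed(body)
    raw.extend(parser.contents)
    found = {t.strip().lower() for v in raw for t in v.split(",") if t.strip()}
    if "none" in found:  # "none" is shorthand for noindex, nofollow
        found |= {"noindex", "nofollow"}
    return found

def is_private(headers, body):
    return {"noindex", "nofollow"} <= robots_directives(headers, body)

# Constructed sample responses, not captured from a Lighthouse install.
SAMPLES = {
    "meta tag": ([], '<head><meta name="robots" content="noindex, nofollow"></head>'),
    "http header": ([("X-Robots-Tag", "none")], "<html></html>"),
    "one crawler only": ([("X-Robots-Tag", "googlebot: noindex, nofollow")], "<html></html>"),
    "unmarked": ([("Content-Type", "text/html")], "<html><head></head></html>"),
}

if __name__ == "__main__":
    for label, (headers, body) in SAMPLES.items():
        print(label, "ok" if is_private(headers, body) else "MISSING noindex/nofollow")
```

A page that fails this check while also lacking a sitemap.xml is the case worth investigating; a scanner alert about the missing sitemap on a page that passes it matches the false positive described above.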


2026 Venture Logistics Ltd — Moving the world forward | Lighthouse is Free & Open Source software.