Information Info Vega has detected comments in scanned content that may include sensitive information. Comments left by developers can include source code, usernames, passwords, or configuration settings. This information, while not visible on the rendered page, is still transmitted to the client. Disclosure of sensitive information could be used by an attacker to perform more intelligent attacks. The developers should investigate the flagged link and manually confirm the presence of comments containing sensitive information. Any such comments should be removed. Programming and markup languages allow for arbitrary text or segments of code to be marked as comments, meaning that they are in the source code file but excluded from parsing and execution or rendering. HTML supports comments, and though they aren't rendered as part of a web page, they are transmitted with the rest of the document to remote clients. Developers sometimes comment out server-side application code that would never otherwise be seen by clients, as HTML comments. These cases, and others, where sensitive information is included in HTML comments, can result in security vulnerabilities. CWE-615: Information Exposure through Comments (Mitre) Information Leakage (OWASP) Information Leakage (WASC)