Missing HTTP Response Headers
The response does not contain some HTTP security headers.
Misconfigured HTTP Headers (MHH)
How this template works
APIs Selection
The template uses API selection filters to specify the criteria for selecting the API to test. In this case, it filters based on the response code, ensuring that it is greater than or equal to 200 and less than 300. It also extracts the URL from the response and assigns it to the variable "urlVar".
Execute request
The template specifies a single request to be executed. It modifies the URL using the value of the "urlVar" variable. This allows the template to dynamically test different URLs based on the API response.
Validation
The template validates the response code and response headers of the executed request. It checks that the response code is within the specified range (200 to 300) and that the response headers do not contain certain predefined headers related to HTTP security. If any of these headers are found in the response, it indicates a misconfiguration of HTTP headers.
Frequently asked questions
What are HTTP security headers and why are they important
How do HTTP security headers contribute to web application security
What are the potential risks of missing HTTP security headers
How can the absence of HTTP security headers impact the application's vulnerability to attacks
What are some common HTTP security headers that should be present in a secure web application
How can the presence of HTTP security headers be validated in a web application
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', Validate' creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern day organization. "

Security team,
Rippling