Missing HTTP Response Headers
The response does not contain some HTTP security headers.
Misconfigured HTTP Headers (MHH)
How this template works
The template uses API selection filters to specify the criteria for selecting the API to test. In this case, it filters based on the response code, ensuring that it is greater than or equal to 200 and less than 300. It also extracts the URL from the response and assigns it to the variable "urlVar".
The template specifies a single request to be executed. It modifies the URL using the value of the "urlVar" variable. This allows the template to dynamically test different URLs based on the API response.
The template validates the response code and response headers of the executed request. It checks that the response code is within the specified range (200 to 300) and that the response headers do not contain certain predefined headers related to HTTP security. If any of these headers are found in the response, it indicates a misconfiguration of HTTP headers.
Frequently asked questions
What are HTTP security headers and why are they important
How do HTTP security headers contribute to web application security
What are the potential risks of missing HTTP security headers
How can the absence of HTTP security headers impact the application's vulnerability to attacks
What are some common HTTP security headers that should be present in a secure web application
How can the presence of HTTP security headers be validated in a web application