Protocol: Headers¶

Identifier: headers

Scanner(s) Support¶

Description¶

Sometimes web apps dont set security headers correctly, which can open the door for various problems. For example, if cache settings arent defined, sensitive data might be stored on a users device and potentially seen by others. Not specifying a content type or allowing browsers to guess it can lead to dangerous misinterpretations of data, potentially letting malicious content execute in an unexpected way. Without enforcing HTTPS strictly, connections might be unencrypted, exposing data in transit. Similarly, cookies that lack secure or HttpOnly flags can be intercepted or accessed by scripts, making session theft easier. Also, when servers reveal their version details in response headers, attackers can use this information to target known vulnerabilities. Developers need to be careful not to overlook these headers, as their improper setup can significantly increase a systems risk profile.

References:

• https://owasp.org/www-community/Security_Headers
• https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching
• https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html
• https://www.tenable.com/plugins/was/98618s

Configuration¶

Example¶

Example configuration:

---
security_tests:
  headers:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

assets_allowed¶

Type : List[AssetType]*

List of assets that this check will cover.

skip¶

Type : boolean

Skip the test if true.