Welcome to Scribd!

Skip carousel

HTTP Headers 1693715147462

Uploaded by

Sandro Melo

0% found this document useful (0 votes)

22 views2 pages

HTTP Headers

Original Title

HTTP_HEADERS_1693715147462

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

HTTP Headers

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

22 views2 pages

HTTP Headers 1693715147462

Uploaded by

Sandro Melo

HTTP Headers

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 2

Search inside document

HADESS.

IO
۱
HADESS

No Name Description Policies Attacks

nosniff -> Blocks a request if

1 MIME sniffing attacks Misconfigure
the request destination is of
X-Content-Type-Options
prevention RFD
type style and the MIME type is

not text/css, or of type script

0 -> Allow

1 -> Enables XSS filtering

Detect reflected cross-site
2 mode=block -> browser will prevent rendering of Misconfigure
X-XSS-Protection scripting attacks the page if an attack is detected.

report=<reporting-URI> -> sanitize the page and

CORS Deception
report the violation

Browser should be allowed DENY -> deny displayed in a frame

3 SAMEORIGIN -> displayed if all Misconfigure

X-Frame-Options to render a page
Virtual Patching Heatmap

ancestor frames are same origin to

Clickjacking
the page itself

Attacks Heatmap
default-src -> come from the site's own

origin
Misconfigure
4
Content-Security-Policy Control what resources media-src -> media to trusted providers
XSS
script-src -> specific server that hosts

trusted code
Clickjacking

max-age -> The time, in seconds, that the

informs browsers that the Misconfigure
browser should remember that a site is only to be
Strict-Transport-Security MITM
5 site should only be accessed accessed using HTTPS.
SSL/TLS Stripping attacks
includeSubDomains -> rule applies to all of the
using HTTPS site's subdomains as well Cookie hijacking attacks

no-referrer -> not include any Misconfigure

sent requests do not referrer information CSRF

6 Referrer-Policy no-referrer-when-downgrade ->
include any referrer Privacy attacks
Don't send the Referer header for
information Information
requests to less secure destinations

(HTTPS →HTTP, HTTPS→file) disclosure attacks

HADESS.IO
۱
HADESS

No Name Description Policies Attacks

no-cache -> response must be validated

7 control caching in browsers with the origin server before each reuse Misconfigure
Cache-Control no-store -> response directive indicates
and shared caches Cache Inspection
that any caches of any kind (private or

shared) should not store this response. Cache Deception

response header is a header Misconfigure

inline
8 indicating if the content is XSS
attachment
Content-Disposition
expected to be displayed filename="filename.jpg" clickjacking

RFD
inline in the browser
same-site -> Only requests from the

same Site can read the resource. Misconfigure

protection against certain
9 same-origin -> requests from the same
Cross-Origin-Resource-Policy XSS
requests from other origins origin (i.e. scheme + host + port)
Virtual Patching Heatmap

cross-origin -> any origin (both same- clickjacking

Attacks Heatmap
site and cross-site) can read the resource

Misconfigure
X-Rate-Limit: Control Limit of request
10 Http Header Injection
X-* Extra HTTP Header X-Origin -> Origin of requests

X-Forwarded-IP -> Change Real IP Cache Deception

Ratelimit Bypass

lists any encodings that have

gzip

Content-Encoding been applied to the compress DDoS

11
deflate Network eavesdropping
representation (message
br
payload), and in what order

Misconfigure
whether the response can * XSS
12 Access-Control-Allow-Origin <origin>
be shared with requesting Host Header Injection
null Cache Poisoning
code from the given origin

Misconfigure
specifies one or more POST, GET, OPTIONS
13 Access-Control-Allow-Methods
CSRF
*
methods allowed
XSS

Shmoocon XSS Proxy
Document17 pages
Shmoocon XSS Proxy
api-3714345
No ratings yet
Owasp Zap Scanner Output 2024-02-29
Document21 pages
Owasp Zap Scanner Output 2024-02-29
b.nandhu2810
No ratings yet
(Divi Report) Daptatech Rep
Document5 pages
(Divi Report) Daptatech Rep
carlos
No ratings yet
Vulnerabiliades - Diccionario
Document142 pages
Vulnerabiliades - Diccionario
Johan Morillo
No ratings yet
XSS
Document4 pages
XSS
anil
No ratings yet
OWASP ZAP Scan Report
Document101 pages
OWASP ZAP Scan Report
Syafri muhammad
No ratings yet
Web Programming Cheat Sheet Highlights
Document2 pages
Web Programming Cheat Sheet Highlights
Gabriel Barreto
No ratings yet
IronNet Threat Intelligence Brief - 2021 - 04
Document14 pages
IronNet Threat Intelligence Brief - 2021 - 04
Com Digful
No ratings yet
Linux Windows Privilege Escalation Cheat Sheet 1661340779
Document25 pages
Linux Windows Privilege Escalation Cheat Sheet 1661340779
Jose Chavez
No ratings yet
week 9 XSS
Document60 pages
week 9 XSS
Думан Рахматулла
No ratings yet
Threat Model For Bwapp
Document38 pages
Threat Model For Bwapp
shinde_jayesh2005
No ratings yet
OWASP LA The Last XSS Defense Talk Jim Manico 2018 08
Document75 pages
OWASP LA The Last XSS Defense Talk Jim Manico 2018 08
Ismael Oliveira
No ratings yet
1 s2.0 S1877050920310966 Main
Document8 pages
1 s2.0 S1877050920310966 Main
Rajesh R
No ratings yet
Cybersecurity Preliminary Audit For
Document15 pages
Cybersecurity Preliminary Audit For
Waldo Woo
No ratings yet
Red Team Ops - Mind Map
Document1 page
Red Team Ops - Mind Map
0xt3st
No ratings yet
Generated On Mar., 23 Nov. 2021 18:22:47 Summary of Alerts: High Medium Low Informational
Document1 page
Generated On Mar., 23 Nov. 2021 18:22:47 Summary of Alerts: High Medium Low Informational
Raksasa Repulsive
No ratings yet
Vulnerability Scan: Prepared by
Document13 pages
Vulnerability Scan: Prepared by
zitexit
No ratings yet
Sec20-Lehmann
Document19 pages
Sec20-Lehmann
Het Bhavin Patel
No ratings yet
Cargill Web Application Scanning Report
Document27 pages
Cargill Web Application Scanning Report
Hari King
No ratings yet
Vulnerability Scan: Prepared by
Document14 pages
Vulnerability Scan: Prepared by
zitexit
No ratings yet
Owasp Zap Hostedscan Report 2024-02-12
Document17 pages
Owasp Zap Hostedscan Report 2024-02-12
faizan.reza
No ratings yet
Emerging Tools & Trends in Hacking: Agenda - Short and Sweet: We Only Have 35 Min
Document15 pages
Emerging Tools & Trends in Hacking: Agenda - Short and Sweet: We Only Have 35 Min
anil
No ratings yet
What Is DOM-based XSS (Cross-Site Scripting) - Tutorial & Examples - Web Security Academy
Document3 pages
What Is DOM-based XSS (Cross-Site Scripting) - Tutorial & Examples - Web Security Academy
Yusuf Ahad
No ratings yet
2023-01-26 Hostedscan Report
Document30 pages
2023-01-26 Hostedscan Report
Hemraj Patel Bhuri
No ratings yet
Cisco
Document92 pages
Cisco
ari sirwan
No ratings yet
Unraveling DOM-Based XSS Mysteries
Document36 pages
Unraveling DOM-Based XSS Mysteries
Bala JE/BSNL
No ratings yet
Hiding in Plain Sight - A Longitudinal Study of Combosquatting Abuse
Document18 pages
Hiding in Plain Sight - A Longitudinal Study of Combosquatting Abuse
nabeel
No ratings yet
Cross Site Scripting (XSS)
Document11 pages
Cross Site Scripting (XSS)
Jithukrishnan v
No ratings yet
(Divi Report) Tokenlab
Document12 pages
(Divi Report) Tokenlab
carlos
No ratings yet
White Hat Hacking Complete Guide To XSS Attacks
Document18 pages
White Hat Hacking Complete Guide To XSS Attacks
Raghav Dhiman
No ratings yet
Unraveling Some Mysteries Around DOM-based XSS
Document42 pages
Unraveling Some Mysteries Around DOM-based XSS
jtmdavis
No ratings yet
Flutter
Document1 page
Flutter
mouchrif.hadi
No ratings yet
System Design Blueprint
Document1 page
System Design Blueprint
yash
No ratings yet
CMD CTRL
Document4 pages
CMD CTRL
Allison Snipes
No ratings yet
2022 12 27 ZAP Report
Document7 pages
2022 12 27 ZAP Report
RandomG05
No ratings yet
Cross Site Scripting Ethical Hacking Lab Exercise
Document10 pages
Cross Site Scripting Ethical Hacking Lab Exercise
Paul Crane
No ratings yet
Sec21 Squarcina
Document19 pages
Sec21 Squarcina
Christian Telleng
No ratings yet
ZAP Scanning: Project 2
Document24 pages
ZAP Scanning: Project 2
Sabyasachi dutta
No ratings yet
National Critical Infrastructure Protection Centre CVE Report Volume 5 Highlights Vulnerabilities
Document4 pages
National Critical Infrastructure Protection Centre CVE Report Volume 5 Highlights Vulnerabilities
Ravi Sankar
No ratings yet
Lab 11
Document6 pages
Lab 11
tài nguyễn
No ratings yet
Cloud WAF CDN Technical in Depth
Document46 pages
Cloud WAF CDN Technical in Depth
tuanlt
No ratings yet
System Design Blueprint: The Ultimate Guide
Document1 page
System Design Blueprint: The Ultimate Guide
Sathiamoorthy Duraisamy
No ratings yet
3839 11437 1 PB
Document10 pages
3839 11437 1 PB
winda.sianipar
No ratings yet
Ben's Security+ Notes
Document22 pages
Ben's Security+ Notes
IftaKharulIslamArnob
No ratings yet
Cross-Site Scripting: Computer and Network Security Seminar
Document25 pages
Cross-Site Scripting: Computer and Network Security Seminar
nageshmalyala
No ratings yet
Our Topic:: Web Usage Mining
Document51 pages
Our Topic:: Web Usage Mining
Krishnakant Dev
No ratings yet
Xssauditor
Document9 pages
Xssauditor
cajeha6903
No ratings yet
AD Privilege Escalation Hardening Checklist
Document3 pages
AD Privilege Escalation Hardening Checklist
djiraud
No ratings yet
© 2020 Caendra Inc. - Hera For Waptxv2 - Attacking Ldap
Document9 pages
© 2020 Caendra Inc. - Hera For Waptxv2 - Attacking Ldap
Saw Gyi
No ratings yet
HTTP Document
Document5 pages
HTTP Document
bsf2105191
No ratings yet
paper
Document18 pages
paper
Gal Bodiroza
No ratings yet
IronNet Threat Intelligence Brief - 2021 - 03
Document12 pages
IronNet Threat Intelligence Brief - 2021 - 03
Com Digful
No ratings yet
Ultimate Threat Response With Powerful Visibility
Document4 pages
Ultimate Threat Response With Powerful Visibility
oof o
No ratings yet
Don't Trust The Locals: Investigating The Prevalence of Persistent Client-Side Cross-Site Scripting in The Wild
Document15 pages
Don't Trust The Locals: Investigating The Prevalence of Persistent Client-Side Cross-Site Scripting in The Wild
raed waheed
No ratings yet
What Is Cross-Site Scripting (XSS) and How To Prevent It - Web
Document6 pages
What Is Cross-Site Scripting (XSS) and How To Prevent It - Web
You
No ratings yet
Know Your Phish: Novel Techniques For Detecting Phishing Sites and Their Targets
Document14 pages
Know Your Phish: Novel Techniques For Detecting Phishing Sites and Their Targets
mainakroni
No ratings yet
Heist
Document11 pages
Heist
khr44540
No ratings yet
Multi-Threaded Architectures Memory and Synchronization
Document47 pages
Multi-Threaded Architectures Memory and Synchronization
Narendra Kumar
No ratings yet
VTI Cheatsheet
Document3 pages
VTI Cheatsheet
Fernando Rocha
No ratings yet
Sift Cheatsheet PDF
Document2 pages
Sift Cheatsheet PDF
Shawlar Naphew
No ratings yet
Rootkits, Part 1 of 3: The Growing Threat: White Paper - April 2006
Document8 pages
Rootkits, Part 1 of 3: The Growing Threat: White Paper - April 2006
Sandro Melo
No ratings yet
ARTICLE Forensics
Document6 pages
ARTICLE Forensics
Sandro Melo
No ratings yet
SANS
Document2 pages
SANS
Sandro Melo
No ratings yet
Robust Linux Memory Acquisition With Minimal Target Impact: Digital Forensic Research Conference
Document9 pages
Robust Linux Memory Acquisition With Minimal Target Impact: Digital Forensic Research Conference
Sandro Melo
No ratings yet
Windows 1693667965753
Document57 pages
Windows 1693667965753
Sandro Melo
No ratings yet
Preserving Computer-Aided Design (CAD) : Alex Ball
Document48 pages
Preserving Computer-Aided Design (CAD) : Alex Ball
SANELANGEL
No ratings yet
SQlite PocketReference Final
Document2 pages
SQlite PocketReference Final
Kamm Narcisse
No ratings yet
SANs SANS
Document1 page
SANs SANS
Sandro Melo
No ratings yet
SANS
Document34 pages
SANS
Sandro Melo
No ratings yet
Initial Security Incident Questionnaire For Responders PDF
Document1 page
Initial Security Incident Questionnaire For Responders PDF
Rufino Uribe
No ratings yet
Log Analysis Cheat Sheet: 40+ Items to Check During Security Incident Response
Document1 page
Log Analysis Cheat Sheet: 40+ Items to Check During Security Incident Response
Cesar Gregorio Schmidt
No ratings yet
Seven Ways To Apply The Cyber Kill Chain With A Threat Intelligence Platform
Document12 pages
Seven Ways To Apply The Cyber Kill Chain With A Threat Intelligence Platform
oscar1andres1pineda1
No ratings yet
Sans PDF
Document2 pages
Sans PDF
Sandro Melo
No ratings yet
Intrusion Discovery Linux Cheat Sheet
Document2 pages
Intrusion Discovery Linux Cheat Sheet
Raquel Waitforit
No ratings yet
Sans PDF
Document4 pages
Sans PDF
Sandro Melo
No ratings yet
Pen Test Rules of Engagement Worksheet
Document3 pages
Pen Test Rules of Engagement Worksheet
Karo
No ratings yet
Hex File Headers and Regex for Forensics
Document2 pages
Hex File Headers and Regex for Forensics
zcynux
No ratings yet
Target Org Security Concerns & Scope for Pentest
Document4 pages
Target Org Security Concerns & Scope for Pentest
lazaru5
No ratings yet
DFIR-Intel-v1-4-16
Document2 pages
DFIR-Intel-v1-4-16
Sandro Melo
No ratings yet
Sans 1231
Document1 page
Sans 1231
Sandro Melo
No ratings yet
SANS
Document2 pages
SANS
Sandro Melo
No ratings yet
50 Shades of S Stem Calls: Sysdig Open Source - Troubleshooting With A Spectrogram Using Csysdig
Document9 pages
50 Shades of S Stem Calls: Sysdig Open Source - Troubleshooting With A Spectrogram Using Csysdig
Sandro Melo
No ratings yet
Research Mechanisms Improve Intrusion Models
Document13 pages
Research Mechanisms Improve Intrusion Models
Sandro Melo
No ratings yet
Rekall Memory Forensics Cheatsheet
Document2 pages
Rekall Memory Forensics Cheatsheet
rsh2ada2190
No ratings yet
Tips For Reverse-Engineering Malicious Code
Document1 page
Tips For Reverse-Engineering Malicious Code
Sandro Melo
No ratings yet
HFS+ File System Format Reference Sheet: HFS+ Data Is Big Endian GPT Is Li2le Endian
Document2 pages
HFS+ File System Format Reference Sheet: HFS+ Data Is Big Endian GPT Is Li2le Endian
Sandro Melo
No ratings yet
Sans 876
Document1 page
Sans 876
Sandro Melo
No ratings yet
SEMINAR
Document15 pages
SEMINAR
RISHI VASUDEVA
No ratings yet
Architecture of Microsoft Mediaroom
Document192 pages
Architecture of Microsoft Mediaroom
Papara Radu
100% (4)
Informatic 8-Training-BISP PDF
Document271 pages
Informatic 8-Training-BISP PDF
ahmed_sft
No ratings yet
SOC Incident Log Book
Document13 pages
SOC Incident Log Book
darma bonar
No ratings yet
O-BB03B Min
Document12 pages
O-BB03B Min
Christoff Romuald
No ratings yet
Source - BlueCoat Management and Configuration Guide Version 3
Document1 page
Source - BlueCoat Management and Configuration Guide Version 3
itandroid
No ratings yet
Selling Partner API Developer Guide
Document36 pages
Selling Partner API Developer Guide
sajicz
No ratings yet
AGA KHAN UNIVERSITY EXAMINATION BOARD HIGHER SECONDARY SCHOOL CERTIFICATE CLASS XI COMPUTER SCIENCE MODEL PAPER
Document16 pages
AGA KHAN UNIVERSITY EXAMINATION BOARD HIGHER SECONDARY SCHOOL CERTIFICATE CLASS XI COMPUTER SCIENCE MODEL PAPER
Muhammad Zahooruddin
No ratings yet
AEM Notes
Document6 pages
AEM Notes
Shashi Kumar
100% (1)
DNS SRV Service Types (RFC 2782)
Document36 pages
DNS SRV Service Types (RFC 2782)
Henry
No ratings yet
SIP Certification Rel.1.1
Document361 pages
SIP Certification Rel.1.1
Viswanath
No ratings yet
Security Testing Report: Snakerr
Document37 pages
Security Testing Report: Snakerr
wewola
No ratings yet
Symfony Components 4.0
Document69 pages
Symfony Components 4.0
Elone Izata Sampaio
No ratings yet
Asd Flask Tutorial
Document70 pages
Asd Flask Tutorial
Raquel Duarte
No ratings yet
Format of An HTTP Request and Response
Document1 page
Format of An HTTP Request and Response
Ganesh Pal Singh
No ratings yet
SAP PI Use Cases PDF
Document57 pages
SAP PI Use Cases PDF
Farai Ziweni
No ratings yet
Networking Case Study in Stem Education - Application Layer Protocol Labs
Document10 pages
Networking Case Study in Stem Education - Application Layer Protocol Labs
S U B R O 0
No ratings yet
Oracle R12 Full Map
Document3 pages
Oracle R12 Full Map
Salim Chérif
No ratings yet
Standalone vs ECC Installation of SAP E-Recruiting
Document5 pages
Standalone vs ECC Installation of SAP E-Recruiting
abcd
100% (1)
12-Middleware - Laravel - The PHP Framework For Web Artisans
Document6 pages
12-Middleware - Laravel - The PHP Framework For Web Artisans
Momo Semerkhet
No ratings yet
Xerox AltaLink C80xx SoftwareUpgradeUtility Instructions 27400
Document14 pages
Xerox AltaLink C80xx SoftwareUpgradeUtility Instructions 27400
Pablo Vallejo Zúñiga
No ratings yet
ITNE2005LAB5-ConfigureanIntrus
Document20 pages
ITNE2005LAB5-ConfigureanIntrus
ritadhikarycse
No ratings yet
Changes
Document188 pages
Changes
thebosshere
No ratings yet
Web Page Designing Using HTML Complete Course
Document178 pages
Web Page Designing Using HTML Complete Course
Ravi Chandran R
100% (1)
Network Factory Administrator Guide
Document141 pages
Network Factory Administrator Guide
altsysrq
No ratings yet
SNR S2980G 8T Configuration Guide
Document418 pages
SNR S2980G 8T Configuration Guide
mikkhail
No ratings yet
Royal Protocol Forcepoint Project
Document12 pages
Royal Protocol Forcepoint Project
razzaque003
No ratings yet
Build Complex Web Apps with Python & SQL
Document8 pages
Build Complex Web Apps with Python & SQL
Parth Patel
No ratings yet
Web Control and Monitoring With PIC Microcontroller - StudentCompanion
Document13 pages
Web Control and Monitoring With PIC Microcontroller - StudentCompanion
Doppler_E
No ratings yet
F-Secure Client Security Administrator's Guide
Document174 pages
F-Secure Client Security Administrator's Guide
Abqori Aula
No ratings yet