© 2024 Halo Security

Headers

Monitor HTTP response headers and their values.

The Headers section allows you to monitor all the response headers that were sent by your web servers.

Use Cases

  • View which web applications are using secure response headers. Secure response headers protect users of the site by mitigating many common forms of web-based attacks, such as cross-site scripting (XSS), clickjacking, and others.

Detection

During the scanning process, we catalog all HTTP response headers that are returned when we issue queries.

Risk

Risk is assigned by verifying that critical headers are being sent by the target web application.

  • High (● Red): None currently.

  • Medium (● Yellow): Targets are missing some important headers. The headers we consider important are:

    • Content-Security-Policy

    • Strict-Transport-Security

    • X-Frame-Options

    • X-Content-Type-Options

    • Referrer-Policy

  • Low (● Green): No significant risks are associated with the headers.
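
The Medium/Low rule above, written as a small check you can run against captured responses. This is an added example, not Halo Security's code: the function names and sample responses are constructed, and it tests header presence only, as the rule is stated here.

```python
# Added example: rate a target by which of the five important headers are absent.
# parse_headers and rate_target are hypothetical names, not a Halo Security API.

IMPORTANT_HEADERS = (
    "Content-Security-Policy",
    "Strict-Transport-Security",
    "X-Frame-Options",
    "X-Content-Type-Options",
    "Referrer-Policy",
)


def parse_headers(raw_response: str) -> dict:
    """Parse the header block of a raw HTTP response into {lowercase-name: [values]}."""
    # Only the text before the first blank line is the header block.
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            continue  # ignore malformed lines rather than guessing
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def rate_target(raw_response: str) -> tuple:
    """Return (rating, missing headers). Presence only; values are not judged."""
    present = parse_headers(raw_response)  # header names are case-insensitive
    missing = [h for h in IMPORTANT_HEADERS if h.lower() not in present]
    return ("Medium" if missing else "Low", missing)


# Constructed sample responses (not real scan output).
SAMPLES = {
    "app.example.test": (
        "HTTP/1.1 200 OK\r\n"
        "content-security-policy: default-src 'self'\r\n"
        "Strict-Transport-Security: max-age=31536000\r\n"
        "X-Frame-Options: DENY\r\n"
        "X-CONTENT-TYPE-OPTIONS: nosniff\r\n"
        "Referrer-Policy: no-referrer\r\n\r\n<html></html>"
    ),
    "legacy.example.test": (
        "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n"
        "Referrer-Policy: this line is body text, not a header"
    ),
}

if __name__ == "__main__":
    for target, raw in SAMPLES.items():
        print(target, *rate_target(raw))
```

A header that is present but weakly configured still counts as present in this check, so a Low result here says nothing about the quality of the values.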

We recommend fixing Medium risk issues. Headers rated Medium risk will create issues.

Monitoring

Headers can be monitored for changes by toggling their monitor status on the List page. If a change is detected, it will trigger a website-header-monitor-change event so you can be immediately notified.

Learn more about events at: Events

Pages

  • Overview: Risk rating and metrics on secure response headers found.

  • Summary: Summary by Target of secure response headers.

  • List: List of Targets and every header/value collected. Toggle monitor status of headers.

  • Missing: Allows you to search for missing headers by name or value.

  • Changes: Displays changes between current and prior scans when a header is found or no longer found, or the value is different.

Last updated 3 months ago