Headers

Monitor HTTP response headers and their values.

The Headers section allows you to monitor all the response headers that were sent by your web servers.
Use Cases
View which web applications are using secure response headers. Secure response headers provide protection to users of the site by mitigating many common forms of web based attacks, such as cross-site scripting (XSS), clickjacking, and others.
Detection
During the scanning process we catalog all HTTP response headers that are returned when we issue queries.
Risk
Risk is assigned by verifying that important and critical headers are being sent by the target web application.
High (● Red): None currently.
Medium (● Yellow): Targets are missing some important headers. The headers we consider important are: Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy.
Low (● Green): No significant risks are associated with the headers.
Headers rated Medium risk will create issues.
We recommend fixing Medium risk issues.
Monitoring
Headers can be monitored for changes by toggling their monitor status on the List page. If a change is detected it will trigger a website-header-monitor-change event so you can be immediately notified.
Learn more about events at:
Events
Pages
​Overview: Risk rating and metrics on secure response headers found.
​Summary: Summary by Target of secure response headers.
​List: List of Targets and every header/value collected. Toggle monitor status of headers.
​Missing: Allows you to search for missing headers by name or value.
​Changes: Displays changes between current and prior scans when a header is found or no longer found, or the value is different.

Forms

Last modified 10mo ago