Verify HTTP response headers

Objective

  • Verify the HTTP Response headers of your Web Site/Apps.

How to

  • Use your intercepting proxy to browse through the entire site and analyse the response headers.
  • Use an online scanning tool like https://securityheaders.io/
  • Scan the website with nikto while capturing the traffic with tcpdump or wireshark.
    (you can import the captured network traffic in BurpSuite)
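
The header analysis from the steps above, as an added example (not part of the original page): it parses a raw response copied out of a proxy history and reports missing, weak, or version-disclosing headers. The baseline header list, the six-month HSTS floor, and the sample response are assumptions made for illustration.

```python
import re

# Headers this sketch expects on every HTML response (an assumed baseline).
EXPECTED = ["strict-transport-security", "content-security-policy",
            "x-content-type-options", "referrer-policy"]
# Headers that often disclose product or version details.
DISCLOSING = ["server", "x-powered-by", "x-aspnet-version"]

def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a sorted list of findings for one response."""
    h = parse_headers(raw)
    findings = [f"missing: {n}" for n in EXPECTED if n not in h]
    # Clickjacking protection can come from either header.
    csp = " ".join(h.get("content-security-policy", []))
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append("missing: x-frame-options or CSP frame-ancestors")
    if h.get("x-content-type-options", ["nosniff"])[0].lower() != "nosniff":
        findings.append("weak: x-content-type-options is not nosniff")
    hsts = " ".join(h.get("strict-transport-security", []))
    m = re.search(r"max-age=(\d+)", hsts, re.I)
    if m and int(m.group(1)) < 15768000:        # assumed floor: about six months
        findings.append("weak: strict-transport-security max-age too short")
    for cookie in h.get("set-cookie", []):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        findings += [f"cookie {cookie.split('=')[0]}: no {flag} flag"
                     for flag in ("secure", "httponly") if flag not in attrs]
    for name in DISCLOSING:
        for value in h.get(name, []):
            if re.search(r"\d", value):         # digits suggest a version string
                findings.append(f"discloses version: {name}: {value}")
    return sorted(findings)

# Constructed sample response, as it would be copied out of a proxy history.
SAMPLE = ("HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/2.4.1\r\n"
          "Strict-Transport-Security: max-age=3600\r\n"
          "X-Content-Type-Options: nosniff\r\n"
          "Set-Cookie: sid=abc123; Path=/; HttpOnly\r\n\r\n<html></html>")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```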

Common Findings

References