Verify HTTP response headers


  • Verify the HTTP response headers of your web sites and apps.

How to

  • Use your intercepting proxy to browse through the entire site and analyse the response headers.
  • Use an online scanning tool like
  • Scan the website with nikto while capturing the traffic with tcpdump or Wireshark.
    (You can import the captured network traffic into Burp Suite.)
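
An offline check for the analysis step above, added here as an example and not part of the original page: it parses a raw response saved from the proxy or capture and reports missing security headers, version-disclosing headers and cookies lacking protective flags. The header baseline, the function names and the sample response are assumptions.

```python
from email.parser import Parser

# Assumed baseline (not from the page): commonly recommended security headers.
EXPECTED = {"strict-transport-security", "content-security-policy",
            "x-content-type-options", "x-frame-options", "referrer-policy"}
# Assumed list of headers that commonly disclose server or framework versions.
DISCLOSING = {"server", "x-powered-by", "x-aspnet-version"}


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_code, headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]  # drop the body
    status_line, _, header_block = head.partition("\n")
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response: %r" % status_line)
    return int(parts[1]), Parser().parsestr(header_block, headersonly=True)


def audit(raw):
    """Return the header findings for one raw response."""
    status, msg = parse_response(raw)
    present = {name.lower() for name in msg.keys()}
    findings = {
        "status": status,
        "missing": sorted(EXPECTED - present),
        "disclosing": sorted((n, msg[n]) for n in DISCLOSING & present),
        "weak_cookies": [],
    }
    for cookie in msg.get_all("Set-Cookie", []):
        # Attribute names after the first "name=value" pair, lower-cased.
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        lacking = sorted({"secure", "httponly", "samesite"} - attrs)
        if lacking:
            findings["weak_cookies"].append((cookie.split("=", 1)[0], lacking))
    return findings


# Constructed sample response (not captured from a real site).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleServer/1.0\r\n"
    "X-Powered-By: ExampleFramework/1.0\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n<html></html>"
)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run `audit()` over every distinct response collected while browsing, since headers often differ between pages, error responses and static assets.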

Common Findings