This template searches for missing HTTP security headers. The impact of these missing headers can vary.
Request
GET / HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6 Safari/605.1.1582953
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 250
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:57:52 GMT
GET / HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6 Safari/605.1.1582953
CURL command
curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6 Safari/605.1.1582953' 'https://honey.scanme.sh'
Details: http-missing-security-headers:strict-transport-security matched at honey.scanme.sh
Protocol: HTTP
Full URL: https://honey.scanme.sh
Timestamp: Tue Apr 30 19:27:52 +0530 IST 2024
Template Information
Request
Response
CURL command
Generated by Nuclei v3.2.5