mkrs2404 / tickets


HTTP Missing Security Headers (http-missing-security-headers:content-security-policy) found on honey.scanme.sh #38

Closed mkrs2404 closed 1 month ago

mkrs2404 commented 4 months ago

Details: http-missing-security-headers:content-security-policy matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh

Timestamp: Tue Apr 30 19:27:52 +0530 IST 2024

Template Information

Name: HTTP Missing Security Headers
Authors: socketz, geeknik, g4l1t0, convisoappsec, kurohost, dawid-czarnecki, forgedhallpass, jub0bs
Tags: misconfig, headers, generic
Severity: info
Description: This template searches for missing HTTP security headers. The impact of these missing headers can vary.

Request

GET / HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6 Safari/605.1.1582953
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 250
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:57:52 GMT

GET / HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6 Safari/605.1.1582953

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6 Safari/605.1.1582953' 'https://honey.scanme.sh'

Generated by Nuclei v3.2.5