The rules
Checks the URL scheme (http vs. https) and returns a warning if it is not https.
Scanned headers
- Server
  - Returns a warning if the header exposes server software information.
- Access-Control-Allow-Origin
  - Returns a warning if its value is "*", i.e. any origin may read the response. Browsers never send credentials to a wildcard origin, so this mainly matters for responses that should not be readable cross-origin.
- Content-Security-Policy
  - Returns a missing-header finding if the header is absent or empty.
- Referrer-Policy
  - Returns a missing-header finding if the header is absent or empty.
- Permissions-Policy
  - Returns a missing-header finding if the header is absent or empty.
- X-XSS-Protection
  - Returns a missing-header finding if the header is absent or empty. Note that this header is deprecated and ignored by current browsers; Content-Security-Policy is the replacement.
- X-Content-Type-Options
  - Returns a missing-header finding if the header is absent or empty.
- X-Frame-Options
  - Returns a missing-header finding if the header is absent or empty.
Possible Error (4xx & 5xx) Response Content
[
  {
    "code": 101,
    "msg": "Generic error",
    "status": 500
  },
  {
    "code": 102,
    "msg": "'url' parameter is required",
    "status": 400
  },
  {
    "code": 103,
    "msg": "Given URL is invalid",
    "status": 400
  },
  {
    "code": 104,
    "msg": "Only 'GET' method is supported",
    "status": 400
  },
  {
    "code": 105,
    "msg": "Couldn't get the web-site",
    "status": 400
  }
]
Possible Success (200) Response Content
[
  {
    "code": 201,
    "header": "",
    "msg": "Protocol is http",
    "suggestion": "https://letsencrypt.org/"
  },
  {
    "code": 202,
    "header": "Server",
    "msg": "Server software information is exposed",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Server"
  },
  {
    "code": 203,
    "header": "Access-Control-Allow-Origin",
    "msg": "Accessing this web-site is allowed for every domain",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS"
  },
  {
    "code": 301,
    "header": "Content-Security-Policy",
    "msg": "Header is missing",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP"
  },
  {
    "code": 302,
    "header": "Referrer-Policy",
    "msg": "Header is missing",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy"
  },
  {
    "code": 303,
    "header": "Permissions-Policy",
    "msg": "Header is missing",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy"
  },
  {
    "code": 304,
    "header": "X-XSS-Protection",
    "msg": "Header is missing",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection"
  },
  {
    "code": 305,
    "header": "X-Content-Type-Options",
    "msg": "Header is missing",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options"
  },
  {
    "code": 306,
    "header": "X-Frame-Options",
    "msg": "Header is missing",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options"
  }
]
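The following is an added, offline re-implementation of the rules and of the error and success response formats listed above. It is not the project's own code: the function names (validate_request, scan), the decision that any non-empty Server value counts as "exposed", and the sample header sets are assumptions made for illustration. It runs against constructed headers rather than fetching a site, which makes it convenient for checking what a given response would score before deploying it.

```python
"""Added example: the scanner rules above applied to constructed responses."""
from urllib.parse import urlparse

MDN = "https://developer.mozilla.org/en-US/docs/Web/HTTP"

# Error responses (4xx/5xx) as listed on this page, keyed by code.
ERRORS = {
    101: ("Generic error", 500),
    102: ("'url' parameter is required", 400),
    103: ("Given URL is invalid", 400),
    104: ("Only 'GET' method is supported", 400),
    105: ("Couldn't get the web-site", 400),
}

# Headers that only need to be present and non-empty: (code, name, suggestion).
MISSING_RULES = [
    (301, "Content-Security-Policy", f"{MDN}/CSP"),
    (302, "Referrer-Policy", f"{MDN}/Headers/Referrer-Policy"),
    (303, "Permissions-Policy", f"{MDN}/Headers/Feature-Policy"),
    (304, "X-XSS-Protection", f"{MDN}/Headers/X-XSS-Protection"),
    (305, "X-Content-Type-Options", f"{MDN}/Headers/X-Content-Type-Options"),
    (306, "X-Frame-Options", f"{MDN}/Headers/X-Frame-Options"),
]


def error(code):
    """Build an error object in the page's 4xx/5xx response format."""
    msg, status = ERRORS[code]
    return {"code": code, "msg": msg, "status": status}


def validate_request(method, params):
    """Return an error object for a bad request, or None if it can be scanned.

    Hypothetical request-validation step; the page lists the codes but not
    the exact checks, so the URL rule here is an assumption.
    """
    if method.upper() != "GET":
        return error(104)
    url = params.get("url")
    if not url:
        return error(102)
    parsed = urlparse(url)
    # Assumption: only absolute http(s) URLs with a host are considered valid.
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        return error(103)
    return None


def scan(url, headers):
    """Apply the rules to a response's headers; return the findings list."""
    # HTTP header names are case-insensitive, so compare on a lowercased copy.
    h = {k.lower(): (v or "").strip() for k, v in headers.items()}
    findings = []
    if urlparse(url).scheme != "https":
        findings.append({"code": 201, "header": "", "msg": "Protocol is http",
                         "suggestion": "https://letsencrypt.org/"})
    # Assumption: any non-empty Server value counts as exposed software info.
    if h.get("server"):
        findings.append({"code": 202, "header": "Server",
                         "msg": "Server software information is exposed",
                         "suggestion": f"{MDN}/Headers/Server"})
    if h.get("access-control-allow-origin") == "*":
        findings.append({"code": 203, "header": "Access-Control-Allow-Origin",
                         "msg": "Accessing this web-site is allowed for every domain",
                         "suggestion": f"{MDN}/CORS"})
    # A header that is present but empty is reported as missing.
    for code, name, link in MISSING_RULES:
        if not h.get(name.lower()):
            findings.append({"code": code, "header": name,
                             "msg": "Header is missing", "suggestion": link})
    return findings


# Constructed sample responses (not captured from any real site).
WEAK_URL = "http://example.test/"
WEAK_HEADERS = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "Access-Control-Allow-Origin": "*",
    "Content-Type": "text/html",
}

HARDENED_URL = "https://example.test/"
HARDENED_HEADERS = {
    "content-security-policy": "default-src 'self'",
    "referrer-policy": "strict-origin-when-cross-origin",
    "permissions-policy": "camera=(), microphone=()",
    "x-xss-protection": "0",
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
}

if __name__ == "__main__":
    import json
    print(json.dumps(validate_request("POST", {"url": WEAK_URL}), indent=2))
    print(json.dumps(scan(WEAK_URL, WEAK_HEADERS), indent=2))
    print(json.dumps(scan(HARDENED_URL, HARDENED_HEADERS), indent=2))
```

The weak response triggers every finding (201 through 203 and 301 through 306); the hardened one triggers none. Note that the hardened set sends X-XSS-Protection: 0, which satisfies the presence rule while disabling the deprecated browser filter.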