Module 06 — HTTP Security Headers & Configuration

Icon: 🛡 Shield   |   Colour: Teal

Overview

Inspects HTTP security headers, information disclosure through server banners and error pages, cookie security flags, and TLS configuration.

How It Works

  1. Security header checks — tests seven critical headers across key pages:
    • Strict-Transport-Security (HSTS)
    • Content-Security-Policy (CSP)
    • X-Frame-Options
    • X-Content-Type-Options
    • X-XSS-Protection
    • Referrer-Policy
    • Permissions-Policy
  2. Server banner leakage — checks for Server and X-Powered-By headers revealing software versions.
  3. Error page probing — requests non-existent paths to check for stack traces or framework information in error responses.
  4. Cookie flag inspection — checks for Secure, HttpOnly, and SameSite attributes on all cookies.
  5. TLS analysis — optional integration with testssl.sh or sslyze for in-depth TLS configuration testing.
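The header, banner and cookie checks in steps 1, 2 and 4, as an added stand-alone example (not the module's own code): it audits a captured set of response headers and maps each finding to the severity the Expected Findings table assigns; the four headers that table does not rate are marked Low here as an assumption, and the sample response is constructed.

```python
import re

# Severity per missing header, taken from the Expected Findings table.
# Assumption: the four headers the table does not rate are reported as Low.
HEADER_SEVERITY = {
    "strict-transport-security": "High",
    "content-security-policy": "Medium",
    "x-frame-options": "Medium",
    "x-content-type-options": "Low",   # assumed
    "x-xss-protection": "Low",         # assumed
    "referrer-policy": "Low",          # assumed
    "permissions-policy": "Low",       # assumed
}
VERSION_RE = re.compile(r"\d+\.\d+")  # matches "Apache/2.4.57", "PHP/8.1.2"
# CSP values that weaken script execution or allow any source
DANGEROUS_CSP_RE = re.compile(r"'unsafe-inline'|'unsafe-eval'|(?<![\w.-])\*(?![\w.-])")


def audit_response(headers):
    """headers: list of (name, value) pairs as sent (Set-Cookie may repeat).
    Returns a list of (finding, severity) tuples."""
    findings = []
    lowered = [(n.lower(), v) for n, v in headers]
    present = dict(lowered)

    # Step 1: the seven security headers, plus a dangerous-CSP check
    for name, sev in HEADER_SEVERITY.items():
        if name not in present:
            findings.append((f"Missing {name} header", sev))
    csp = present.get("content-security-policy", "")
    if csp and DANGEROUS_CSP_RE.search(csp):
        findings.append(("Dangerous Content-Security-Policy directive", "Medium"))

    # Step 2: Server / X-Powered-By banners that disclose a version
    for name in ("server", "x-powered-by"):
        value = present.get(name, "")
        if VERSION_RE.search(value):
            findings.append((f"{name} header discloses version: {value}", "Low"))

    # Step 4: every cookie needs Secure, HttpOnly and SameSite
    for name, value in lowered:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        missing = [f for f in ("secure", "httponly", "samesite") if f not in attrs]
        if missing:
            findings.append((f"Cookie {cookie} missing {', '.join(missing)}", "Medium"))
    return findings


# Constructed sample response from a weakly configured server (not real data)
SAMPLE_HEADERS = [
    ("Server", "Apache/2.4.57 (Ubuntu)"),
    ("X-Powered-By", "PHP/8.1.2"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for finding, severity in audit_response(SAMPLE_HEADERS):
        print(f"[{severity}] {finding}")
```

Running it on the sample reports nine findings: five missing headers, the unsafe-inline CSP, two version banners and the session cookie lacking Secure and SameSite.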

Expected Findings

| Finding | Severity |
| --- | --- |
| No HTTPS | High |
| TLS vulnerability | Critical |
| Missing HSTS header | High |
| Missing or dangerous CSP | Medium |
| Missing X-Frame-Options | Medium |
| Insecure cookie flags | Medium |
| Information disclosure headers | Low |
| Error page disclosure | Low |