Created
June 28, 2020 01:59
-
-
Save pablanco/0f299835b207db93b39f108bbb4fe87e to your computer and use it in GitHub Desktop.
An example of a redirection without HSTS or CSP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| $> curl --head https://www.not-hsts-header.com | |
| HTTP/1.1 301 Moved Permanently | |
| Content-length: 0 | |
| --- | |
| $> nmap -p 443 --script http-security-headers not-hsts-header.com | |
| .... | |
| PORT STATE SERVICE | |
| 443/tcp open https | |
| | http-security-headers: | |
| | Strict_Transport_Security: | |
| | HSTS not configured in HTTPS Server | |
| | X_XSS_Protection: | |
| | Header: X-XSS-Protection: 0 | |
| | Description: The XSS filter is disabled.| | |
| |_ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment