@spaze
Last active April 21, 2020 14:52
X-XSS-Protection sample report POST request
POST http://test.local/foo HTTP/1.1
Host: test.local
Connection: keep-alive
Content-Length: 116
Pragma: no-cache
Cache-Control: no-cache
Origin: http://test.local
X-FirePHP-Version: 0.0.6
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Content-Type: application/json
Accept: */*
DNT: 1
Referer: http://test.local/test.php?foo=%3Cscript%3Ealert(1);%3C/script%3E
Accept-Encoding: gzip, deflate
Accept-Language: cs,en-US;q=0.8,en;q=0.6

{"xss-report":{"request-url":"http://test.local/test.php?foo=%3Cscript%3Ealert(1);%3C/script%3E","request-body":""}}

POST http://test.local/foo HTTP/1.1
Host: test.local
Connection: keep-alive
Content-Length: 123
Pragma: no-cache
Cache-Control: no-cache
Origin: http://test.local
X-FirePHP-Version: 0.0.6
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Content-Type: application/json
Accept: */*
DNT: 1
Referer: http://test.local/test.php
Accept-Encoding: gzip, deflate
Accept-Language: cs,en-US;q=0.8,en;q=0.6

{"xss-report":{"request-url":"http://test.local/test.php","request-body":"foo=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E"}}
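
A collector-side parser for the two report bodies above, as an added example that is not part of the original gist. The names `parse_xss_report`, `ALLOWED_HOSTS` and `MAX_REPORT_BYTES`, the size cap and the host allow-list are assumptions of this sketch; the two sample bodies are copied from the requests above.

```python
import json
from urllib.parse import urlsplit, unquote_plus

MAX_REPORT_BYTES = 8192         # assumed cap for this sketch
ALLOWED_HOSTS = {"test.local"}  # assumed: hosts whose pages send reports here

# Report bodies copied from the two sample requests above.
SAMPLE_QUERY = (b'{"xss-report":{"request-url":"http://test.local/test.php'
                b'?foo=%3Cscript%3Ealert(1);%3C/script%3E","request-body":""}}')
SAMPLE_BODY = (b'{"xss-report":{"request-url":"http://test.local/test.php",'
               b'"request-body":"foo=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E"}}')

def _params(encoded, where):
    """Split a query string or form body on '&' and percent-decode each pair."""
    out = []
    for pair in filter(None, encoded.split("&")):
        name, _, value = pair.partition("=")
        out.append((where, unquote_plus(name), unquote_plus(value)))
    return out

def parse_xss_report(raw, content_type="application/json"):
    """Return a normalized report, or None if raw (bytes) is not a well-formed
    report for one of our hosts. The endpoint is unauthenticated, so every
    field is untrusted input: escape it before displaying it anywhere."""
    if len(raw) > MAX_REPORT_BYTES:
        return None
    if not content_type.lower().startswith("application/json"):
        return None
    try:
        report = json.loads(raw.decode("utf-8"))["xss-report"]
        url, body = report["request-url"], report["request-body"]
        if not (isinstance(url, str) and isinstance(body, str)):
            return None
        parts = urlsplit(url)
    except (ValueError, KeyError, TypeError):
        return None
    if parts.scheme not in ("http", "https") or parts.hostname not in ALLOWED_HOSTS:
        return None
    return {
        "page": f"{parts.scheme}://{parts.netloc}{parts.path}",
        # A non-empty request-body means the flagged input arrived in a POST body.
        "source": "body" if body else "query",
        "params": _params(parts.query, "query") + _params(body, "body"),
    }

if __name__ == "__main__":
    for sample in (SAMPLE_QUERY, SAMPLE_BODY):
        print(parse_xss_report(sample))
```
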
bsysop commented Apr 21, 2020

Thanks dude!
