7.576
Bearbeitungen
Änderungen
Die Seite wurde neu angelegt: „'''<span style="color:#c31622">HTTP-Security-Header-Scanner<span>''' <br> Unseen by the user, the header (HTTP-Header Protokoll) of a website is…“
'''<span style="color:#c31622">HTTP-Security-Header-Scanner<span>'''
<br>
Unseen by the user, the header ([[Header|HTTP-Header Protokoll]]) of a website is exchanged between the [[Client]] and the [[Server]] for every query and response. The [[Header]] influences the behavior of the browser on the user side. Largely, these are handled independently of the queried [[Webanwendung|Webapplikation]] and are defined in the webserver configurations. The [[Header Scanner|HTTP-Security-Header-Scanner]] now allows you to examine the header ([[HTTP]]-Header) of your web application for insecure configurations. The scanner ([[Crawler]]) checks the information of the [[HTTP]]-header of your website and generates a report on any vulnerabilities found that could enable an attacker to execute attacks via faked sender IP addresses ([[IP-Spoofing|Spoofing]]).<br>
*[[Content-Security-Policy-Schwachstelle/DE|CONTENT-SECURITY-POLICY]]<br>
*[[Content-Type-Nicht-Korrekt/DE|CONTENT-TYPE]]<br>
* PUBLIC-KEY-PINS (HPKP is not currently under review)<br>
<!--[[Public-Key-Pins-Deaktiviert/DE|PUBLIC-KEY-PINS]] (<span style="color:#c31622"><b>Achtung:</b></span> HPKP wird derzeit nicht überprüft)<br>-->
*[[Keine-Verschluesselung-Gefunden/DE|STRIKT-TRANSPORT-SECURITY]]<br>
*[[X-Content-Type-Options-Schwachstelle/DE|X-CONTENT-TYPE-OPTIONS]]<br>
*[[X-Frame-Options-Schwachstelle/DE|X-FRAME-OPTIONS]]<br>
*[[XSS-Schwachstelle/DE|X-XSS-PROTECTION]]
<br>
Unseen by the user, the header ([[Header|HTTP-Header Protokoll]]) of a website is exchanged between the [[Client]] and the [[Server]] for every query and response. The [[Header]] influences the behavior of the browser on the user side. Largely, these are handled independently of the queried [[Webanwendung|Webapplikation]] and are defined in the webserver configurations. The [[Header Scanner|HTTP-Security-Header-Scanner]] now allows you to examine the header ([[HTTP]]-Header) of your web application for insecure configurations. The scanner ([[Crawler]]) checks the information of the [[HTTP]]-header of your website and generates a report on any vulnerabilities found that could enable an attacker to execute attacks via faked sender IP addresses ([[IP-Spoofing|Spoofing]]).<br>
*[[Content-Security-Policy-Schwachstelle/DE|CONTENT-SECURITY-POLICY]]<br>
*[[Content-Type-Nicht-Korrekt/DE|CONTENT-TYPE]]<br>
* PUBLIC-KEY-PINS (HPKP is not currently under review)<br>
<!--[[Public-Key-Pins-Deaktiviert/DE|PUBLIC-KEY-PINS]] (<span style="color:#c31622"><b>Achtung:</b></span> HPKP wird derzeit nicht überprüft)<br>-->
*[[Keine-Verschluesselung-Gefunden/DE|STRIKT-TRANSPORT-SECURITY]]<br>
*[[X-Content-Type-Options-Schwachstelle/DE|X-CONTENT-TYPE-OPTIONS]]<br>
*[[X-Frame-Options-Schwachstelle/DE|X-FRAME-OPTIONS]]<br>
*[[XSS-Schwachstelle/DE|X-XSS-PROTECTION]]
