Header Scanner/EN: Difference between revisions
(The page was newly created: "'''<span style="color:#c31622">HTTP-Security-Header-Scanner<span>''' <br> Unseen by the user, the header (HTTP-Header Protokoll) of a website is…")
Zeile 4: | Zeile 4: | ||
Unseen by the user, the header ([[Header|HTTP-Header Protokoll]]) of a website is exchanged between the [[Client]] and the [[Server]] for every query and response. The [[Header]] influences the behavior of the browser on the user side. Largely, these are handled independently of the queried [[Webanwendung|Webapplikation]] and are defined in the webserver configurations. The [[Header Scanner|HTTP-Security-Header-Scanner]] now allows you to examine the header ([[HTTP]]-Header) of your web application for insecure configurations. The scanner ([[Crawler]]) checks the information of the [[HTTP]]-header of your website and generates a report on any vulnerabilities found that could enable an attacker to execute attacks via faked sender IP addresses ([[IP-Spoofing|Spoofing]]).<br> | Unseen by the user, the header ([[Header|HTTP-Header Protokoll]]) of a website is exchanged between the [[Client]] and the [[Server]] for every query and response. The [[Header]] influences the behavior of the browser on the user side. Largely, these are handled independently of the queried [[Webanwendung|Webapplikation]] and are defined in the webserver configurations. The [[Header Scanner|HTTP-Security-Header-Scanner]] now allows you to examine the header ([[HTTP]]-Header) of your web application for insecure configurations. The scanner ([[Crawler]]) checks the information of the [[HTTP]]-header of your website and generates a report on any vulnerabilities found that could enable an attacker to execute attacks via faked sender IP addresses ([[IP-Spoofing|Spoofing]]).<br> | ||
− | *[[Content-Security-Policy-Schwachstelle/ | + | *[[Content-Security-Policy-Schwachstelle/EN|CONTENT-SECURITY-POLICY]]<br> |
− | *[[Content-Type-Nicht-Korrekt/ | + | *[[Content-Type-Nicht-Korrekt/EN|CONTENT-TYPE]]<br> |
* PUBLIC-KEY-PINS (HPKP is not currently under review)<br> | * PUBLIC-KEY-PINS (HPKP is not currently under review)<br> | ||
<!--[[Public-Key-Pins-Deaktiviert/DE|PUBLIC-KEY-PINS]] (<span style="color:#c31622"><b>Achtung:</b></span> HPKP wird derzeit nicht überprüft)<br>--> | <!--[[Public-Key-Pins-Deaktiviert/DE|PUBLIC-KEY-PINS]] (<span style="color:#c31622"><b>Achtung:</b></span> HPKP wird derzeit nicht überprüft)<br>--> | ||
− | *[[Keine-Verschluesselung-Gefunden/ | + | *[[Keine-Verschluesselung-Gefunden/EN|STRIKT-TRANSPORT-SECURITY]]<br> |
− | *[[X-Content-Type-Options-Schwachstelle/ | + | *[[X-Content-Type-Options-Schwachstelle/EN|X-CONTENT-TYPE-OPTIONS]]<br> |
− | *[[X-Frame-Options-Schwachstelle/ | + | *[[X-Frame-Options-Schwachstelle/EN|X-FRAME-OPTIONS]]<br> |
− | *[[XSS-Schwachstelle/ | + | *[[XSS-Schwachstelle/EN|X-XSS-PROTECTION]] |
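Review bot: the label on the added line for [[Keine-Verschluesselung-Gefunden/EN|…]] reads STRIKT-TRANSPORT-SECURITY, while every other entry uses the header's own name; the header is Strict-Transport-Security, so the label should be STRICT-TRANSPORT-SECURITY. The unchanged intro paragraph on this /EN page also still carries the German link labels "HTTP-Header Protokoll" and "Webapplikation", which would be worth translating in the same edit.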
Revision as of 20 August 2018, 09:55
HTTP-Security-Header-Scanner
Unseen by the user, the header (HTTP header protocol) of a website is exchanged between the client and the server with every request and response. The header influences the behavior of the browser on the user's side. For the most part, headers are handled independently of the requested web application and are defined in the web server configuration. The HTTP-Security-Header-Scanner lets you examine the HTTP headers of your web application for insecure configurations. The scanner (crawler) checks the information in the HTTP header of your website and generates a report on any vulnerabilities found that could enable an attacker to carry out attacks via faked sender IP addresses (spoofing).
- CONTENT-SECURITY-POLICY
- CONTENT-TYPE
- PUBLIC-KEY-PINS (HPKP is not currently under review)
- STRICT-TRANSPORT-SECURITY
- X-CONTENT-TYPE-OPTIONS
- X-FRAME-OPTIONS
- X-XSS-PROTECTION
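
A small version of the kind of check described above, as an added example that is not the scanner's own code: it parses a constructed raw response and grades each header from the list (HPKP left out, as on the page). The pass/fail rules and the 180-day HSTS threshold are assumptions, not the scanner's documented criteria.

```python
import re

# Constructed sample response head (not captured from a real site).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "x-frame-options: ALLOWALL\r\n"
    "\r\n"
)
MIN_HSTS_AGE = 15552000  # assumed threshold: 180 days, in seconds

def parse_headers(raw):
    """Return {lowercased name: value}; repeated headers are joined with ', '."""
    headers = {}
    for line in raw.split("\r\n")[1:]:  # skip the status line
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers

def _hsts(v):
    m = re.search(r"max-age\s*=\s*\"?(\d+)", v, re.I)
    return "ok" if m and int(m.group(1)) >= MIN_HSTS_AGE else "max-age missing or too short"

# Assumed rules, one per header from the list above.
RULES = {
    "content-security-policy": lambda v: "allows unsafe-inline/unsafe-eval"
        if re.search(r"'unsafe-(inline|eval)'", v, re.I) else "ok",
    "content-type": lambda v: "ok" if "charset=" in v.lower() else "no charset declared",
    "strict-transport-security": _hsts,
    "x-content-type-options": lambda v: "ok" if v.lower() == "nosniff" else "not 'nosniff'",
    "x-frame-options": lambda v: "ok" if v.upper() in ("DENY", "SAMEORIGIN")
        else "not DENY/SAMEORIGIN",
    "x-xss-protection": lambda v: "ok" if v == "0" or "mode=block" in v.lower()
        else "filter on without mode=block",
}

def audit(raw):
    """Map each checked header to 'ok', 'missing', or a short finding."""
    headers = parse_headers(raw)
    return {name: rule(headers[name]) if name in headers else "missing"
            for name, rule in RULES.items()}
```

Calling `audit(SAMPLE)` returns one entry per checked header, so a report can list findings and passes side by side.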