OFFENSIVE | DEFENSIVE | WIKI | ABOUT

<<



GENERAL INFORMATION
This is a collection of HTTP headers that you can see when doing web penetration testing or bug bounty. There's a sample and some tips for each 
of them.


CLASSIFICATION

        --select an option--
	cookie params
        host:
        accept:
        accept-encoding:
	accept-language:
	access-control-allow-origin:
	cache-control:
	cf-apo-via:
	cf-cache-status:
	cf-ray:
        connection:
        content-disposition:
	content-length:
	content-security-policy:
	content-security-policy-report-only:
	content-type:
	cookie:
	cross-origin-opener-policy:
        cross-origin-resource-policy:
        client-name:[pending]
        date:
	etag:
	expect-ct:
	expires:[pending]
	if-none-match:
	origin:
	origin-agent-cluster:
	pragma:[pending]
	referer:
        referrer-policy:
        report-to:
	sec-fetch-dest:
	sec-fetch-mode:
	sec-fetch-site:
	sec-fetch-user:
        server:
        set-cookie:
	strict-transport-security:
	surrogate-control:[pending]
	upgrade-insecure-requests:
	user-agent:
	vary:
	x-content-type-options:
	x-csrf-token:
	x-dns-prefetch-control:
        x-download-options:
        x-frame-options:
	x-permitted-cross-domain-policies:
	x-request-id:
	x-requested-with:[pending]
	x-xss-protection:
	x-server-version:[pending]
	x-served-by:[pending]
	x-robots-tag:[pending]
        
    

GO BACK