GENERAL INFORMATION
This is a collection of HTTP headers that you may encounter during web penetration testing or bug bounty work. Each header has a sample and some tips.
CLASSIFICATION
cookie params
host:
accept:
accept-encoding:
accept-language:
access-control-allow-origin:
cache-control:
cf-apo-via:
cf-cache-status:
cf-ray:
connection:
content-disposition:
content-length:
content-security-policy:
content-security-policy-report-only:
content-type:
cookie:
cross-origin-opener-policy:
cross-origin-resource-policy:
client-name:[pending]
date:
etag:
expect-ct:
expires:[pending]
if-none-match:
origin:
origin-agent-cluster:
pragma:[pending]
referer:
referrer-policy:
report-to:
sec-fetch-dest:
sec-fetch-mode:
sec-fetch-site:
sec-fetch-user:
server:
set-cookie:
strict-transport-security:
surrogate-control:[pending]
upgrade-insecure-requests:
user-agent:
vary:
x-content-type-options:
x-csrf-token:
x-dns-prefetch-control:
x-download-options:
x-frame-options:
x-permitted-cross-domain-policies:
x-request-id:
x-requested-with:[pending]
x-xss-protection:
x-server-version:[pending]
x-served-by:[pending]
x-robots-tag:[pending]