Skip to main content

Check Security Headers

Full Fuzzer NameCheckSecurityHeadersFuzzer
DescriptionThis fuzzer will check if APIs respond with the recommended security headers. The Fuzzer will send happy path requests.
Enabled by default?Yes
Target header typesAll
Expected result when fuzzed header is requiredN/A
Expected result when fuzzed header is optionalN/A
Fuzzing logicIteratively calls all paths and HTTP methods and expects responses to include at least the following security headers: [X-Frame-Options=DENY, Cache-Control=no-store, X-Content-Type-Options=nosniff, X-XSS-Protection=1; mode=block]
Conditions when this fuzzer will be skippedNone
HTTP methods that will be skippedNone
ReportingReports error if response does not contain at least one of the headers or success otherwise.