Feature: CSV export supports detailed analysis
Showing 8 changed files with 1,300 additions and 1,255 deletions.
@@ -0,0 +1,98 @@ | ||
"Section","Values" | ||
"[0. Info]","Date: 2024/12/28 - 20:20:46" | ||
"[0. Info]","URL: https://facebook.com" | ||
"[0. Info]","File: humble_https_facebook_com_20241228_202046_en.csv" | ||
"[0. Info]","Note: The URL returns an error (HTTP code 400, 'Bad Request')" | ||
"[0. Info]","Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/400" | ||
"[1. Enabled HTTP Security Headers]","Cache-Control: private, no-cache, no-store, must-revalidate" | ||
"[1. Enabled HTTP Security Headers]","Content-Security-Policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;" | ||
"[1. Enabled HTTP Security Headers]","Content-Type: text/html; charset=""utf-8""" | ||
"[1. Enabled HTTP Security Headers]","Cross-Origin-Opener-Policy: same-origin-allow-popups;report-to=""coop_report""" | ||
"[1. Enabled HTTP Security Headers]","(*) Origin-Agent-Cluster: ?1" | ||
"[1. Enabled HTTP Security Headers]","Pragma: no-cache" | ||
"[1. Enabled HTTP Security Headers]","Report-To: {""max_age"":2592000,""endpoints"":" | ||
"[2. Missing HTTP Security Headers]","Clear-Site-Data" | ||
"[2. Missing HTTP Security Headers]","Clears browsing data (cookies, storage, cache) associated with the requesting website." | ||
"[2. Missing HTTP Security Headers]","Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data" | ||
"[2. Missing HTTP Security Headers]","Cross-Origin-Embedder-Policy" | ||
"[2. Missing HTTP Security Headers]","Prevents documents and workers from loading non-same-origin requests unless allowed." | ||
"[2. Missing HTTP Security Headers]","Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy" | ||
"[2. Missing HTTP Security Headers]","Cross-Origin-Resource-Policy" | ||
"[2. Missing HTTP Security Headers]","Protect servers against certain cross-origin or cross-site embedding of the returned source." | ||
"[2. Missing HTTP Security Headers]","Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)" | ||
"[2. Missing HTTP Security Headers]","(*) NEL" | ||
"[2. Missing HTTP Security Headers]","Enables web applications to declare a reporting policy to report errors." | ||
"[2. Missing HTTP Security Headers]","Ref: https://scotthelme.co.uk/network-error-logging-deep-dive/" | ||
"[2. Missing HTTP Security Headers]","(*) Permissions-Policy" | ||
"[2. Missing HTTP Security Headers]","Previously called ""Feature-Policy"", allow and deny the use of browser features." | ||
"[2. Missing HTTP Security Headers]","Ref: https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/" | ||
"[2. Missing HTTP Security Headers]","Referrer-Policy" | ||
"[2. Missing HTTP Security Headers]","Controls how much referrer information should be included with requests." | ||
"[2. Missing HTTP Security Headers]","Ref: https://scotthelme.co.uk/a-new-security-header-referrer-policy/" | ||
"[2. Missing HTTP Security Headers]","X-Permitted-Cross-Domain-Policies" | ||
"[2. Missing HTTP Security Headers]","Limit which data external resources (e.g. Adobe Flash/PDF documents), can access on the domain." | ||
"[2. Missing HTTP Security Headers]","Ref: https://owasp.org/www-project-secure-headers/#div-headers" | ||
"[3. Fingerprint HTTP Response Headers]","These headers can leak information about software, versions, hostnames or IP addresses: " | ||
"[3. Fingerprint HTTP Response Headers]","X-FB-Debug (facebook.com Platform)" | ||
"[3. Fingerprint HTTP Response Headers]","Value: 'GOgszca9qLxKjM9jDeLK82LrEt4xNtj69s/dgFjLpcsasvcn+kOVZUlfIbDDjtTID4yeUGFkGsAYJb+hFuSrVQ=='" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","The following headers/protocols are deprecated or their values may be considered unsafe: " | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Content-Security-Policy (Deprecated Directives)" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Avoid using deprecated directives: 'report-uri', 'block-all-mixed-content'" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Content-Security-Policy (Insecure Schemes)" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Do not allow insecure, unencrypted schemes: 'http:'" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Ref: https://www.cloudflare.com/learning/ssl/why-is-http-not-secure/" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Ref: https://http.dev/wss" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Content-Security-Policy (Too Permissive Sources)" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Limit these permissive origins: 'data:', 'blob:'" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Ref: https://content-security-policy.com/" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Content-Security-Policy (Unsafe Values)" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","'unsafe-inline' and 'unsafe-eval' negate most of the security benefits provided by this header." | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Ref: https://csper.io/blog/no-more-unsafe-inline" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Ref: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Pragma (Deprecated Header)" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","This header is deprecated." | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Pragma" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Report-To (Deprecated Header)" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","This header is deprecated. Use instead ""Reporting-Endpoints""." | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Report-To" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Strict-Transport-Security (Recommended Values)" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Add 'includeSubDomains' and 'max-age' (with 31536000 -one year- as minimum)." | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Ref: https://https.cio.gov/hsts/" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Strict-Transport-Security (Required Values)" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","'preload' requires 'includeSubDomains' and 'max-age' (with 31536000 -one year- as minimum)." | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Vary (Potentially Unsafe Header)" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","The values of this header may expose others, facilitating attacks if user input is accepted." | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Vary" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Ref: https://www.yeswehack.com/fr/learn-bug-bounty/http-header-exploitation" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","X-XSS-Protection (Deprecated Header)" | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","This header is deprecated in the three major web browsers." | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Instead, use the ""Content-Security-Policy"" header restrictively." | ||
"[4. Deprecated HTTP Response Headers/Protocols and Insecure Values]","Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection" | ||
"[5. Empty HTTP Response Headers Values]","Empty HTTP headers (and are therefore considered disabled): " | ||
"[5. Empty HTTP Response Headers Values]","Nothing to report, all seems OK!" | ||
"[6. Browser Compatibility for Enabled HTTP Security Headers]","Cache-Control: https://caniuse.com/?search=Cache-Control" | ||
"[6. Browser Compatibility for Enabled HTTP Security Headers]","Content-Security-Policy: https://caniuse.com/?search=contentsecuritypolicy2" | ||
"[6. Browser Compatibility for Enabled HTTP Security Headers]","Content-Type: https://caniuse.com/?search=Content-Type" | ||
"[6. Browser Compatibility for Enabled HTTP Security Headers]","Cross-Origin-Opener-Policy: https://caniuse.com/?search=Cross-Origin-Opener-Policy" | ||
"[6. Browser Compatibility for Enabled HTTP Security Headers]","Origin-Agent-Cluster: https://caniuse.com/?search=Origin-Agent-Cluster" | ||
"[6. Browser Compatibility for Enabled HTTP Security Headers]","Pragma: https://caniuse.com/?search=Pragma" | ||
"[6. Browser Compatibility for Enabled HTTP Security Headers]","Report-To: https://caniuse.com/?search=Report-To" | ||
"[6. Browser Compatibility for Enabled HTTP Security Headers]","Reporting-Endpoints: https://caniuse.com/?search=Reporting-Endpoints" | ||
"[6. Browser Compatibility for Enabled HTTP Security Headers]","Strict-Transport-Security: https://caniuse.com/?search=Strict-Transport-Security" | ||
"[6. Browser Compatibility for Enabled HTTP Security Headers]","Vary: https://caniuse.com/?search=Vary" | ||
"[6. Browser Compatibility for Enabled HTTP Security Headers]","X-Content-Type-Options: https://caniuse.com/?search=X-Content-Type-Options" | ||
"[6. Browser Compatibility for Enabled HTTP Security Headers]","X-Frame-Options: https://caniuse.com/?search=X-Frame-Options" | ||
"[6. Browser Compatibility for Enabled HTTP Security Headers]","X-XSS-Protection: https://caniuse.com/?search=X-XSS-Protection" | ||
"[7. Analysis Results]","Done in 0.19 seconds! (changes with respect to the last analysis in parentheses)" | ||
"[7. Analysis Results]","Enabled headers: 12 (First Analysis)" | ||
"[7. Analysis Results]","Missing headers: 7 (First Analysis)" | ||
"[7. Analysis Results]","Fingerprint headers: 1 (First Analysis)" | ||
"[7. Analysis Results]","Deprecated/Insecure headers: 10 (First Analysis)" | ||
"[7. Analysis Results]","Empty headers: 0 (First Analysis)" | ||
"[7. Analysis Results]","Findings to review: 18 (First Analysis)" | ||
"[7. Analysis Results]","Analysis Grade: D (Review 'Deprecated/Insecure headers')" | ||
"[7. Analysis Results]","'(*)' meaning: Experimental HTTP response header" | ||
"[7. Analysis Results]","'(*)' ref: https://mdn.io/Experimental_deprecated_obsolete" |
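Review bot: the `Report-To` row in section 1 (`"[1. Enabled HTTP Security Headers]","Report-To: {""max_age"":2592000,""endpoints"":"`) is cut off in the middle of its JSON value, and every enabled header that should follow it is missing from section 1: the section holds only seven rows, while section 7 reports `Enabled headers: 12` and section 6 lists Reporting-Endpoints, Strict-Transport-Security, Vary, X-Content-Type-Options, X-Frame-Options and X-XSS-Protection as enabled headers that never appear in section 1. The export appears to drop everything between the Report-To value and the `[2. Missing HTTP Security Headers]` marker, so check how the analysis output is split into CSV rows when a header value contains JSON (quotes, commas, brackets or braces), and write each header's complete raw value as one fully quoted cell instead of splitting on delimiters inside the value. A fixture whose "Enabled" count does not match its own rows will not catch this regression, so it is worth regenerating this sample once the writer is fixed and adding a check that the section 1 row count equals the `Enabled headers` figure in section 7.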