Merge pull request #7266 from jub0bs/fix-issue-7265-drop-cors-checks-from-missing-security-headers-tmpl

Fix issue 7265
patch-1
Prince Chaddha 2023-05-23 13:22:09 +05:30 committed by GitHub
commit 0b3b164b8f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 43 deletions


@ -2,7 +2,7 @@ id: http-missing-security-headers
info:
name: HTTP Missing Security Headers
author: socketz,geeknik,G4L1T0,convisoappsec,kurohost,dawid-czarnecki,forgedhallpass
author: socketz,geeknik,G4L1T0,convisoappsec,kurohost,dawid-czarnecki,forgedhallpass,jub0bs
severity: info
description: |
This template searches for missing HTTP security headers. The impact of these missing headers can vary.
@ -95,45 +95,3 @@ http:
- "!regex('(?i)cross-origin-resource-policy', all_headers)"
- "status_code != 301 && status_code != 302"
condition: and
- type: dsl
name: access-control-allow-origin
dsl:
- "!regex('(?i)access-control-allow-origin', all_headers)"
- "status_code != 301 && status_code != 302"
condition: and
- type: dsl
name: access-control-allow-credentials
dsl:
- "!regex('(?i)access-control-allow-credentials', all_headers)"
- "status_code != 301 && status_code != 302"
condition: and
- type: dsl
name: access-control-expose-headers
dsl:
- "!regex('(?i)access-control-expose-headers', all_headers)"
- "status_code != 301 && status_code != 302"
condition: and
- type: dsl
name: access-control-max-age
dsl:
- "!regex('(?i)access-control-max-age', all_headers)"
- "status_code != 301 && status_code != 302"
condition: and
- type: dsl
name: access-control-allow-methods
dsl:
- "!regex('(?i)access-control-allow-methods', all_headers)"
- "status_code != 301 && status_code != 302"
condition: and
- type: dsl
name: access-control-allow-headers
dsl:
- "!regex('(?i)access-control-allow-headers', all_headers)"
- "status_code != 301 && status_code != 302"
condition: and