id: http-missing-security-headers

info:
  name: HTTP Missing Security Headers
  author: socketz,geeknik,G4L1T0,convisoappsec,kurohost,dawid-czarnecki,forgedhallpass,jub0bs
  severity: info
  description: |
    This template searches for missing HTTP security headers. The impact of these missing headers can vary.
  tags: misconfig,headers,generic
  metadata:
    max-request: 1

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 3
    matchers-condition: or
    matchers:
      - type: dsl
        name: strict-transport-security
        dsl:
          - "!regex('(?i)strict-transport-security', header)"
          - "status_code != 301 && status_code != 302"
        condition: and

      - type: dsl
        name: content-security-policy
        dsl:
          - "!regex('(?i)content-security-policy', header)"
          - "status_code != 301 && status_code != 302"
        condition: and

      - type: dsl
        name: permissions-policy
        dsl:
          - "!regex('(?i)permissions-policy', header)"
          - "status_code != 301 && status_code != 302"
        condition: and

      - type: dsl
        name: x-frame-options
        dsl:
          - "!regex('(?i)x-frame-options', header)"
          - "status_code != 301 && status_code != 302"
        condition: and

      - type: dsl
        name: x-content-type-options
        dsl:
          - "!regex('(?i)x-content-type-options', header)"
          - "status_code != 301 && status_code != 302"
        condition: and

      - type: dsl
        name: x-permitted-cross-domain-policies
        dsl:
          - "!regex('(?i)x-permitted-cross-domain-policies', header)"
          - "status_code != 301 && status_code != 302"
        condition: and

      - type: dsl
        name: referrer-policy
        dsl:
          - "!regex('(?i)referrer-policy', header)"
          - "status_code != 301 && status_code != 302"
        condition: and

      - type: dsl
        name: clear-site-data
        dsl:
          - "!regex('(?i)clear-site-data', header)"
          - "status_code != 301 && status_code != 302"
        condition: and

      - type: dsl
        name: cross-origin-embedder-policy
        dsl:
          - "!regex('(?i)cross-origin-embedder-policy', header)"
          - "status_code != 301 && status_code != 302"
        condition: and

      - type: dsl
        name: cross-origin-opener-policy
        dsl:
          - "!regex('(?i)cross-origin-opener-policy', header)"
          - "status_code != 301 && status_code != 302"
        condition: and

      - type: dsl
        name: cross-origin-resource-policy
        dsl:
          - "!regex('(?i)cross-origin-resource-policy', header)"
          - "status_code != 301 && status_code != 302"
        condition: and