id: http-missing-security-headers info: name: HTTP Missing Security Headers author: socketz,geeknik,G4L1T0,convisoappsec,kurohost,dawid-czarnecki severity: info description: It searches for missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty. tags: misconfig,generic requests: - method: GET path: - "{{BaseURL}}" redirects: true max-redirects: 3 matchers-condition: or matchers: - type: regex name: strict-transport-security regex: - "(?i)strict-transport-security" negative: true part: header - type: regex name: content-security-policy regex: - "(?i)content-security-policy" negative: true part: header - type: regex name: permission-policy regex: - "(?i)permission-policy" negative: true part: header - type: regex name: x-frame-options regex: - "(?i)x-frame-options" negative: true part: header - type: regex name: x-content-type-options regex: - "(?i)x-content-type-options" negative: true part: header - type: regex name: x-permitted-cross-domain-policies regex: - "(?i)x-permitted-cross-domain-policies" negative: true part: header - type: regex name: referrer-policy regex: - "(?i)referrer-policy" negative: true part: header - type: regex name: clear-site-data regex: - "(?i)clear-site-data" negative: true part: header - type: regex name: cross-origin-embedder-policy regex: - "(?i)cross-origin-embedder-policy" negative: true part: header - type: regex name: cross-origin-opener-policy regex: - "(?i)cross-origin-opener-policy" negative: true part: header - type: regex name: cross-origin-resource-policy regex: - "(?i)cross-origin-resource-policy" negative: true part: header - type: regex name: access-control-allow-origin regex: - "(?i)access-control-allow-origin" negative: true part: header - type: regex name: access-control-allow-credentials regex: - "(?i)access-control-allow-credentials" negative: true part: header - type: regex name: access-control-expose-headers regex: - "(?i)access-control-expose-headers" negative: true part: header - type: regex name: access-control-max-age regex: - "(?i)access-control-max-age" negative: true part: header - type: regex name: access-control-allow-methods regex: - "(?i)access-control-allow-methods" negative: true part: header - type: regex name: access-control-allow-headers regex: - "(?i)access-control-allow-headers"