Missing required headers

firetail:missing-headers

Type:

Observation

Rule Severity:

High

Some required headers are missing.

Certain response headers are crucial for enforcing security policies and mechanisms, such as Cache-Control, Content-Security-Policy, Strict-Transport-Security, and X-Content-Type-Options. When they are absent, the API can be exposed to issues such as caching of sensitive data by browsers or proxies, XSS (Cross-Site Scripting), downgrade to plain HTTP, or insecure content handling (MIME-type sniffing).

Remediation

Ensure that all required headers are included in responses.
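The check below is an added example, not FireTail's own code. It treats the four headers named above as the required set (an assumption for this example), reports which are missing from a response, fills in conservative default values (also assumed, not prescribed by this rule), and walks a constructed OpenAPI document to flag response objects that do not declare them, which is where an API specification would show this finding.

```python
"""Check HTTP responses and OpenAPI response objects for required security headers."""
from typing import Dict, Iterable, List, Mapping

# Headers this finding names as required (assumed list for this example).
REQUIRED_HEADERS = (
    "Cache-Control",
    "Content-Security-Policy",
    "Strict-Transport-Security",
    "X-Content-Type-Options",
)

# Conservative defaults for a JSON API response (example values, not mandated by the rule).
RECOMMENDED_VALUES = {
    "Cache-Control": "no-store",
    "Content-Security-Policy": "default-src 'none'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
}

# OpenAPI operation keys; anything else under a path item (e.g. "parameters") is skipped.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def missing_headers(headers: Iterable[str], required=REQUIRED_HEADERS) -> List[str]:
    """Return required header names absent from `headers`.
    HTTP header names are case-insensitive, so compare in lower case."""
    present = {h.lower() for h in headers}
    return [h for h in required if h.lower() not in present]


def add_required_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Return a copy of `headers` with every missing required header added
    with its recommended value. Headers already present keep their value."""
    fixed = dict(headers)
    for name in missing_headers(headers):
        fixed[name] = RECOMMENDED_VALUES[name]
    return fixed


def check_openapi_spec(spec: Mapping) -> Dict[str, List[str]]:
    """Map 'METHOD path -> status' to the required headers that response object
    does not declare under its `headers` key. Compliant responses are omitted."""
    findings: Dict[str, List[str]] = {}
    for path, item in spec.get("paths", {}).items():
        for method, operation in item.items():
            if method.lower() not in HTTP_METHODS:
                continue
            for status, response in operation.get("responses", {}).items():
                declared = response.get("headers", {}).keys()
                missing = missing_headers(declared)
                if missing:
                    findings[f"{method.upper()} {path} -> {status}"] = missing
    return findings


# Constructed sample specification: /users declares all four headers,
# /orders declares only two of them.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "paths": {
        "/users": {
            "get": {
                "responses": {
                    "200": {
                        "description": "OK",
                        "headers": {name: {"schema": {"type": "string"}} for name in REQUIRED_HEADERS},
                    }
                }
            }
        },
        "/orders": {
            "parameters": [{"name": "limit", "in": "query", "schema": {"type": "integer"}}],
            "get": {
                "responses": {
                    "200": {
                        "description": "OK",
                        "headers": {
                            "Cache-Control": {"schema": {"type": "string"}},
                            "X-Content-Type-Options": {"schema": {"type": "string"}},
                        },
                    }
                }
            },
        },
    },
}

if __name__ == "__main__":
    # Constructed live response: only content type and caching are set.
    response_headers = {"content-type": "application/json", "cache-control": "no-store"}
    print("missing in response:", missing_headers(response_headers))
    print("hardened response:", add_required_headers(response_headers))
    print("spec findings:", check_openapi_spec(SAMPLE_SPEC))
```

Run it against a real response by passing `dict(resp.headers)` from your HTTP client, or load an OpenAPI file with a YAML/JSON parser and hand the resulting mapping to `check_openapi_spec`. Declaring the headers in the specification does not by itself emit them; the server or gateway must still set them on every response, which `add_required_headers` illustrates for a header dictionary.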

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications.

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications.

References:
