HTTP Strict Transport Security (HSTS) --- Tell the browser to use HTTPS only for this site (enforced after the first HTTPS visit)
Content Security Policy (CSP) --- Restrict/Whitelist the sources from which scripts, styles and other resources may be loaded
X-XSS-Protection --- Legacy browser XSS filter (deprecated and dropped by most modern browsers; CSP is the replacement)
X-Frame-Options --- Protect from clickjacking by refusing to be displayed inside a frame/iframe
X-Content-Type-Options --- Protect from MIME sniffing (nosniff)
# Cookie
Set-Cookie Secure --- Cookie only sent over HTTPS, prevents stealing it on the wire
Set-Cookie HttpOnly --- Cookie not readable from JavaScript (document.cookie), limits stealing it via XSS
Set-Cookie SameSite --- Cookie not sent on cross-site requests, prevents CSRF (cookies will stay on the website)
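As an added example (not part of the original notes), the script below audits a raw HTTP response for the headers and cookie flags listed above. The response text is a constructed sample; X-XSS-Protection is deliberately left out of the expected set because it is a legacy header.

```python
"""Audit the security headers and cookie flags of a raw HTTP/1.1 response.

Added example (not from the original notes). SAMPLE_RESPONSE is constructed;
a real audit would feed it the bytes of a captured reply instead.
"""
from typing import List, Tuple

# Response headers this audit expects, with the reason each one matters.
# X-XSS-Protection is intentionally absent: it is a deprecated browser filter.
EXPECTED_HEADERS = {
    "strict-transport-security": "forces HTTPS on later visits",
    "content-security-policy": "restricts where scripts/styles may load from",
    "x-frame-options": "blocks framing (clickjacking)",
    "x-content-type-options": "disables MIME sniffing",
}

# Constructed sample reply: HSTS and CSP present, the other two missing,
# and the session cookie lacks HttpOnly and SameSite.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "Set-Cookie: session=abc123; Secure; Path=/\r\n"
    "Set-Cookie: theme=dark; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)


def parse_response(raw: str) -> Tuple[str, List[Tuple[str, str]], str]:
    """Split a raw response into status line, header pairs and body.

    Headers come back as a list because Set-Cookie may legitimately repeat;
    names are lower-cased for comparison, values are kept verbatim.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def audit_cookie(set_cookie: str) -> List[str]:
    """Return the flags (Secure, HttpOnly, SameSite) missing from one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    missing = []
    if "secure" not in attrs:
        missing.append(f"cookie {name}: missing Secure")
    if "httponly" not in attrs:
        missing.append(f"cookie {name}: missing HttpOnly")
    if "samesite" not in attrs:
        missing.append(f"cookie {name}: missing SameSite")
    return missing


def audit_response(raw: str) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    _, headers, _ = parse_response(raw)
    present = {name for name, _ in headers}
    findings = [f"missing {h} ({why})" for h, why in EXPECTED_HEADERS.items() if h not in present]
    for name, value in headers:
        if name == "set-cookie":
            findings.extend(audit_cookie(value))
    return findings


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        print(finding)
```

Running it on the sample reports the two missing headers and the two missing flags on the session cookie, while the theme cookie passes.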
Interesting Headers
Some interesting headers to fuzz the application with (values the backend may trust without checking who set them):
Host: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-Forwarded-Server: 127.0.0.1
Location: 127.0.0.1
ProxySourceAddress: 127.0.0.1
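The defender's side of the list above, as an added example that is not part of the original notes: a backend should only honour X-Forwarded-* headers when the TCP peer is a known proxy, and should only accept Host values it actually serves. The proxy network, the host allow-list and the sample addresses are constructed for illustration.

```python
"""Resolve the real client address and validate Host behind a reverse proxy.

Added example (not from the original notes). TRUSTED_PROXIES, ALLOWED_HOSTS
and every address used here are constructed values.
"""
import ipaddress
from typing import Optional

# Constructed: the only network allowed to set X-Forwarded-* headers.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]

# Constructed: hostnames this application serves.
ALLOWED_HOSTS = {"app.example.test"}


def is_trusted_proxy(addr: str) -> bool:
    """True when addr parses as an IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def resolve_client_ip(peer_ip: str, x_forwarded_for: Optional[str]) -> str:
    """Return the address to treat as the client.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy;
    otherwise a direct client could claim to be 127.0.0.1 and pass a
    source-address check. Even then, walk the chain from the right and stop
    at the first hop that is not one of our proxies: everything left of it
    was supplied by the client and is untrusted.
    """
    if not x_forwarded_for or not is_trusted_proxy(peer_ip):
        return peer_ip
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_trusted_proxy(hop):
            return hop
    return peer_ip  # every hop was one of our proxies; fall back to the peer


def host_allowed(host_header: Optional[str]) -> bool:
    """Accept only hosts on the allow-list, ignoring an explicit port."""
    if not host_header:
        return False
    host = host_header.strip().lower()
    if host.startswith("["):
        host = host.split("]")[0][1:]  # IPv6 literal such as [::1]:8080
    else:
        host = host.split(":")[0]
    return host in ALLOWED_HOSTS


if __name__ == "__main__":
    # A direct client claiming to be localhost is ignored...
    print(resolve_client_ip("203.0.113.5", "127.0.0.1"))
    # ...while the same header from the proxy yields the real client.
    print(resolve_client_ip("10.0.0.2", "127.0.0.1, 198.51.100.7"))
    print(host_allowed("app.example.test:8443"), host_allowed("evil.test"))
```

The same pattern applies to X-Forwarded-Host and similar headers: strip or overwrite them at the trusted proxy, and never let the application read them from an untrusted peer.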
TRACE/TRACK Method
# You can get information using the TRACE method: the server echoes back the request it received
# If your request goes through a WAF or reverse proxy, the reflected request may contain information added on the way
# Added headers (X-Forwarded-For for example) → what the WAF sends to the backend, which you can try to use to bypass the WAF
# Bypass the WAF by adding its own IP in the header and telling it to ignore the request
XST - Cross Site Tracing
# Client-side vulnerability using the TRACE method
# It's not about injecting executable JavaScript, since the client must already be able to execute script
# It takes advantage of the fact that the web server reflects the client's HTTP message in its response
# The main goal is to access headers that are hidden from JavaScript (the Cookie header of an HttpOnly cookie, for example)
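To make the two sections above concrete, here is an added example (not from the original notes) that models a TRACE/TRACK reflection and the hardened 405 answer. The "proxy" and "server" are tiny in-memory stand-ins for a real reverse proxy and web server, and the client request is constructed; the point is the check at the end, which is what a scanner or regression test runs to confirm that nothing from the request, least of all the Cookie header, comes back in the body.

```python
"""Model a TRACE/TRACK reflection and the hardened 405 answer.

Added example (not from the original notes). forward_through_proxy and
handle_request are constructed stand-ins for a reverse proxy/WAF and a web
server; CLIENT_REQUEST and the addresses are constructed values.
"""
from typing import Dict

# Constructed browser request carrying a session cookie that was set with
# HttpOnly, so page scripts cannot read it through document.cookie.
CLIENT_REQUEST = (
    "TRACE / HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Cookie: session=s3cr3t\r\n"
    "\r\n"
)

ALLOWED_METHODS = ("GET", "HEAD", "POST", "OPTIONS")


def forward_through_proxy(raw_request: str, client_ip: str) -> str:
    """Do what a reverse proxy/WAF does: record the client address in X-Forwarded-For."""
    head, sep, body = raw_request.partition("\r\n\r\n")
    return f"{head}\r\nX-Forwarded-For: {client_ip}{sep}{body}"


def handle_request(raw_request: str, allow_trace: bool) -> str:
    """Return the raw response for a request.

    allow_trace=True echoes the whole request (headers included) back as
    message/http, which is the reflection XST relies on. allow_trace=False
    answers TRACE/TRACK with 405 plus an Allow header listing the supported
    methods, so nothing from the request is reflected.
    """
    method = raw_request.split(" ", 1)[0].upper()
    allow = f"Allow: {', '.join(ALLOWED_METHODS)}\r\n"
    if method in ("TRACE", "TRACK"):
        if allow_trace:
            return "HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n" + raw_request
        return "HTTP/1.1 405 Method Not Allowed\r\n" + allow + "Content-Length: 0\r\n\r\n"
    if method not in ALLOWED_METHODS:
        return "HTTP/1.1 405 Method Not Allowed\r\n" + allow + "Content-Length: 0\r\n\r\n"
    return "HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"


def echoed_headers(response: str) -> Dict[str, str]:
    """Return request headers that reappear in the response body (lower-cased names).

    A non-empty result from a TRACE probe means the server reflects requests;
    a "cookie" key in it means HttpOnly no longer hides the session from
    whoever can read the response on the client side.
    """
    _, _, body = response.partition("\r\n\r\n")
    echoed: Dict[str, str] = {}
    for line in body.split("\r\n")[1:]:  # skip the echoed request line
        name, sep, value = line.partition(":")
        if sep:
            echoed[name.strip().lower()] = value.strip()
    return echoed


def trace_findings(client_request: str, client_ip: str, allow_trace: bool) -> Dict[str, str]:
    """Run the request through proxy and server and report what was reflected."""
    forwarded = forward_through_proxy(client_request, client_ip)
    return echoed_headers(handle_request(forwarded, allow_trace))


if __name__ == "__main__":
    print("reflecting server:", trace_findings(CLIENT_REQUEST, "203.0.113.5", allow_trace=True))
    print("hardened server  :", trace_findings(CLIENT_REQUEST, "203.0.113.5", allow_trace=False))
```

With the reflecting server the probe gets back the Host, the Cookie and the X-Forwarded-For the proxy added, which is exactly the information the TRACE section describes; with TRACE disabled the body is empty and the Allow header documents what the server accepts.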