HTTP Security Headers Analyzer
Configuration Name: SecurityHeaders
Description
The Security Headers analyzer verifies that each successful API response contains the recommended HTTP security headers. Many security headers are recommended for web applications, and a subset of them also pertains to HTTP-based network APIs. The Security Headers analyzer checks for the following headers:
Content-Type
Strict-Transport-Security
X-Content-Type-Options
Content-Security-Policy
A finding reported by the analyzer will describe which headers have improper values and the recommended remediation.
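As an added example (not the analyzer's own code), here is a check of the kind described above applied to a response's status and headers. The page does not state the analyzer's exact acceptance rules, so the thresholds used here (a one-year HSTS max-age, a literal nosniff, a well-formed media type) are this example's assumptions, and the sample responses are constructed.

```python
import re
from typing import Dict, List

# Header names the analyzer looks for (from the page); the value rules
# below are this example's own assumptions, not the analyzer's published rules.
REQUIRED_HEADERS = (
    "Content-Type",
    "Strict-Transport-Security",
    "X-Content-Type-Options",
    "Content-Security-Policy",
)

def check_security_headers(status: int, headers: Dict[str, str]) -> List[str]:
    """Return findings for one response; an empty list means it complies.

    Only successful (2xx) responses are examined, matching the analyzer's
    "each successful API response" scope. Header names are compared
    case-insensitively, as HTTP requires.
    """
    if not 200 <= status < 300:
        return []
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    for name in REQUIRED_HEADERS:  # presence check, in the page's order
        if not lower.get(name.lower()):
            findings.append(f"{name}: missing")
    hsts = lower.get("strict-transport-security")
    if hsts:  # assumed rule: max-age of at least one year (31536000 s)
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if not m or int(m.group(1)) < 31536000:
            findings.append("Strict-Transport-Security: max-age below one year")
    xcto = lower.get("x-content-type-options")
    if xcto and xcto.lower() != "nosniff":  # only defined value is nosniff
        findings.append("X-Content-Type-Options: expected 'nosniff'")
    ctype = lower.get("content-type")
    if ctype and "/" not in ctype:  # a media type is always type/subtype
        findings.append("Content-Type: not a valid media type")
    return findings

# Constructed sample responses (status, headers) for demonstration.
WEAK_RESPONSE = (200, {"Content-Type": "application/json",
                       "Strict-Transport-Security": "max-age=300",
                       "X-Content-Type-Options": "sniff"})
HARDENED_RESPONSE = (200, {"Content-Type": "application/json; charset=utf-8",
                           "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
                           "X-Content-Type-Options": "nosniff",
                           "Content-Security-Policy": "default-src 'none'; frame-ancestors 'none'"})
```

Running `check_security_headers(*WEAK_RESPONSE)` yields three findings (missing CSP, short HSTS max-age, wrong X-Content-Type-Options value), while the hardened response yields none.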
Faults Reported
Fault Identifier | Title | Summary | Solution | Severity |
---|---|---|---|---|
CWE-693 | Security Headers | HTTP headers do not comply with security best practices. | Modify the API implementation or API gateway to set the appropriate header values in each response. | medium |