5 matches found
Missing 'Expect-CT' Header (deprecated)
The Expect-CT header allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. This URL is flagged as a specific example. The Expect-CT will likely become obsolete in June...
Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes
Google updated its Chrome browser to version 67.0.3396.62 on Tuesday, patching 34 bugs and adding support for the credential management API called WebAuthn. The update will be available in the coming days for Windows, Mac and Linux platforms, Google said. Most notably to the browser update are...
Google to Ditch Public Key Pinning in Chrome
Google said that in an upcoming version of Chrome it will deprecate the browser’s support for HTTP public key pinning. Instead, it will adopt the “safer”, more flexible solution of Expect-CT headers. HTTP public key pinning (HPKP) is a browser security measure that protects against an SSL certificat...
SSL/TLS: HPKP / HSTS / Expect-CT Headers sent via plain HTTP
This script checks if the remote HTTP server is sending an HPKP, HSTS and/or Expect-CT header via plain HTTP. Note: Most major browsers have dropped / deprecated support for this header in 2020. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced...
http-security-headers NSE Script
Checks for the HTTP response headers related to security given in OWASP Secure Headers Project and gives a brief description of the header and its configuration value. The script requests the server for the header with http.head and parses it to list headers found with their configurations. The...