Burp Suite User Forum

Login to post

Additional Scanner Checks Extension

Felix | Last updated: Nov 28, 2014 12:05PM UTC

What is the context in which the Additional Scanner Checks extension decides whether or not a header needs the following properties. strict-transport-security x-content-type-options: no sniff X-XSS-protection Some sites I scan will come back with these findings and some will not. I have not noticed any distinguishable pattern of the sites that come back with these findings. (i.e) logon pages, authenticated pages, home pages, etc. Felix

Liam, PortSwigger Agent | Last updated: Nov 28, 2014 12:06PM UTC

It might be worth addressing this question to the extension author directly, in case they don't monitor the forum. Alternatively, you could review the source code for the extension to find an answer. Please let us know if you need any further assistance.

You need to Log in to post a reply. Or register here, for free.