Burp Suite User Forum

Create new post

Additional Scanner Checks Extension

Felix | Last updated: Nov 28, 2014 12:05PM UTC

What is the context in which the Additional Scanner Checks extension decides whether or not a header needs the following properties. strict-transport-security x-content-type-options: no sniff X-XSS-protection Some sites I scan will come back with these findings and some will not. I have not noticed any distinguishable pattern of the sites that come back with these findings. (i.e) logon pages, authenticated pages, home pages, etc. Felix

Liam, PortSwigger Agent | Last updated: Nov 28, 2014 12:06PM UTC

It might be worth addressing this question to the extension author directly, in case they don't monitor the forum. Alternatively, you could review the source code for the extension to find an answer. Please let us know if you need any further assistance.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.