Review the criteria for Web Application Header findings.
Instructions
To determine if a finding is created, use the following procedure to run a curl -IL command on a host:
- Use your browser’s developer tool to copy the cURL command to your clipboard. Refer to the following instructions for your browser:
  - Go to the “Network” tab of the developer tool.
  - Right-click the request for your host (the example here uses “www.bitsighttech.com”) and then select Copy ➔ Copy as cURL.
  - Paste this into your Terminal and include “-v” at the end of the command.
- Run the cURL command.
Example Response
Refer to the following response, located before the encrypted data. Each hop of the redirect chain prints its own status line followed by its header block:
HTTP/1.1 301 Moved Permanently
Location: https://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Tue, 28 Aug 2018 17:17:40 GMT
Expires: Thu, 27 Sep 2018 17:17:40 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 220
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"

HTTP/1.1 200 OK
Date: Tue, 28 Aug 2018 17:17:40 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2018-08-28-17; expires=Thu, 27-Sep-2018 17:17:40 GMT; path=/; domain=.google.com
Set-Cookie: NID=137=CQFYBttoqB9c2BYrozSME9mnGMSygLp6PKHEj2mj5vXWAEfWgdb5AsiPDumeyvo6sX5OBTULQOdT9drlusQQu-6KhGfqrGHgRfSbUpkRwCjxXkltT8Varb4m_rM9Nyba; expires=Wed, 27-Feb-2019 17:17:40 GMT; path=/; domain=.google.com; HttpOnly
Transfer-Encoding: chunked
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Accept-Ranges: none
Vary: Accept-Encoding
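Reading a redirect chain by eye is error-prone, because a header present on the intermediate 301 can be absent from the final 200 that the browser actually renders. The script below is an added example, not Bitsight's tooling and not the published finding criteria: it splits raw curl -IL output into one header map per hop, lists which security-related headers each hop lacks, and flags Set-Cookie values without Secure or HttpOnly. The header list CHECKED_HEADERS is an assumed set of commonly checked headers, and the embedded sample is constructed from the page's example with a placeholder cookie value.

```python
"""Split raw `curl -IL` output into one header map per hop of the redirect
chain and report which security-related response headers each hop lacks.
Added example; the header set below is an assumption, not Bitsight's criteria."""
import sys
from typing import Dict, List, Tuple

Headers = Dict[str, List[str]]  # lower-cased header name -> every value seen

# Assumed list of headers worth checking on the final hop (not Bitsight's list).
CHECKED_HEADERS = (
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Frame-Options",
    "X-Content-Type-Options",
    "X-XSS-Protection",
)

# Constructed sample modelled on the page's example: a 301 hop followed by the
# final 200. The NID value is a placeholder, not a real session token.
SAMPLE_CURL_IL = """HTTP/1.1 301 Moved Permanently
Location: https://www.google.com/
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=2592000
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2018-08-28-17; path=/; domain=.google.com
Set-Cookie: NID=PLACEHOLDER; path=/; domain=.google.com; HttpOnly
Transfer-Encoding: chunked
"""


def parse_hops(raw: str) -> List[Tuple[str, Headers]]:
    """Return (status_line, headers) for each response in the chain.
    A new hop starts at every line beginning with 'HTTP/'; blank lines and
    curl's own '*' / '>' chatter carry no colon-separated header and are skipped."""
    hops: List[Tuple[str, Headers]] = []
    for line in raw.splitlines():
        line = line.rstrip("\r")
        if line.startswith("HTTP/"):
            hops.append((line.strip(), {}))
        elif ":" in line and hops:
            name, _, value = line.partition(":")
            hops[-1][1].setdefault(name.strip().lower(), []).append(value.strip())
    return hops


def missing_headers(headers: Headers) -> List[str]:
    """Names from CHECKED_HEADERS absent from this hop, in canonical spelling."""
    return [h for h in CHECKED_HEADERS if h.lower() not in headers]


def cookies_missing_flags(headers: Headers) -> List[Tuple[str, List[str]]]:
    """For each Set-Cookie, the attributes among Secure/HttpOnly it lacks."""
    result: List[Tuple[str, List[str]]] = []
    for cookie in headers.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.lower() for p in parts[1:]}
        lacking = [f for f in ("Secure", "HttpOnly") if f.lower() not in attrs]
        if lacking:
            result.append((name, lacking))
    return result


def final_hop_report(raw: str) -> Dict[str, object]:
    """Evaluate only the last hop: that is the response the browser renders, so a
    header present on an intermediate 301 but absent here still counts as missing."""
    hops = parse_hops(raw)
    if not hops:
        raise ValueError("no HTTP status line found in curl output")
    status, headers = hops[-1]
    return {
        "status": status,
        "missing_headers": missing_headers(headers),
        "weak_cookies": cookies_missing_flags(headers),
    }


if __name__ == "__main__":
    # Pipe live output in with: curl -sIL https://www.example.com | python3 check_headers.py
    raw = sys.stdin.read() if not sys.stdin.isatty() else ""
    raw = raw or SAMPLE_CURL_IL  # fall back to the constructed sample
    for status, hdrs in parse_hops(raw):
        print(status, "-> missing:", missing_headers(hdrs))
    print(final_hop_report(raw))
```

On the constructed sample the final hop reports Strict-Transport-Security, Content-Security-Policy and X-Content-Type-Options as missing, and both cookies as lacking Secure; that is the kind of per-hop view worth keeping beside the raw curl output when deciding whether a host meets the finding criteria.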
Additional Help
If a finding is missing:
- Verify the host against the criteria for Web Application Header findings.
- Ensure your block lists are not preventing lawful, periodic internet scanners from visiting your web properties.
- Check your firewall settings and ensure friendly scanners are able to connect.
If a header is missing:
- Ensure the domain is in your company’s infrastructure.
- If the port has been closed, but 60 days haven’t elapsed for the finding to fall off your rating, select the Refresh button to update the port.
If findings are not updating from your changes:
- Please allow 2-3 days for Web Application Header findings to update.
- If the changes do not meet the criteria, no findings were created.
Contact Bitsight Support for additional help.
- November 30, 2021: Added shortcuts to sections.
- October 18, 2018: Published.