GET: Web Application Headers Finding Details

Ingrid

https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=application_security

Get Web Application Header finding details.

Parameters

For details specific to Web Application Headers, use the ?risk_vector=application_security parameter. Other query parameters are listed in GET: Finding Details.

Example Request

    curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=application_security -u api_token:

Example Response

    {
      "links":{
        "next":null,
        "previous":null
      },
      "count":98,
      "results":[
        {
          "temporary_id":"A9Jq47BBjecd83c4cc889d99f958aa9b1cb337bf9a",
          "affects_rating":true,
          "assets":[
            {
              "asset":"www.actorsfilms.us",
              "identifier":null,
              "category":"critical",
              "importance":0.1,
              "is_ip":false
            }
          ],
          "details":{
            "check_pass":" ",
            "diligence_annotations":{
              "record":"HTTP/1.1 200 OK\r\nDate: Tue, 01 Mar 2022 09:37:45 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5958\r\nConnection: keep-alive\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: -1\r\nServer: namecheap-nginx\r\nX-CST: MISS\r\nAllow: GET, HEAD",
              "title":"actorsfilms.us - Registered at Namecheap.com",
              "html":[ ],
              "required":[
                {
                  "name":"X-Content-Type-Options",
                  "is_missing":true,
                  "value":" ",
                  "components":[ ],
                  "annotations":[
                    {
                      "message":"Missing required headers",
                      "help_text":"One or more required security headers are not set.",
                      "remediation_tip":"Ensure your policy correctly implements the required headers. Refer to the <a target=\"new\" href=\"/hc/en-us/articles/360008632054\">list of required headers</a>."
                    },
                    […]
              ],
              "optional":[
                {
                  "name":"Expires",
                  "is_missing":false,
                  "value":"-1",
                  "components":[ ],
                  "annotations":[ ]
                }
              ]
            },
            "final_location":"http://www.actorsfilms.us/",
            "geo_ip_location":"US",
            "country":"United States",
            "grade":"NEUTRAL",
            "observed_ips":[
              "www.actorsfilms.us[198.54.117.217]:80"
            ],
            "remediations":[
              {
                "message":"Missing required headers",
                "help_text":"One or more required security headers are not set.",
                "remediation_tip":"Ensure your policy correctly implements the required headers. Refer to the <a target=\"new\" href=\"/hc/en-us/articles/360008632054\">list of required headers</a>."
              },
              […]
            ],
            "vulnerabilities":[ ],
            "dest_port":80,
            "rollup_end_date":"2022-03-01",
            "rollup_start_date":"2022-02-23"
          },
          "evidence_key":"www.actorsfilms.us:80",
          "first_seen":"2022-02-23",
          "last_seen":"2022-03-01",
          "risk_category":"Diligence",
          "risk_vector":"application_security",
          "risk_vector_label":"Web Application Headers",
          "rolledup_observation_id":"jcDHImzCcc3xmtZZ-CXAYA==",
          "severity":1.0,
          "severity_category":"minor",
          "tags":[
            "saperix inc"
          ],
          "remediation_history":{
            "last_requested_refresh_date":"2024-06-19",
            "last_refresh_status_date":"2024-06-23",
            "last_refresh_status_label":"failed",
            "last_refresh_status_reason": "asset_not_found",
            "last_refresh_reason_code":"asset unreachable",
            "last_refresh_requester": "1e10564d-fawa-4331-0000-6f7588b55a98",
            "result_finding_date": null
          },
          "asset_overrides":[ ],
          "duration":null,
          "comments":null,
          "remaining_decay":47
        }
      ]
    }

Response Attributes

Field (Type): Description. Indentation shows nesting.

links (Object): Navigation for multiple pages of results. See pagination.
  next (String): The URL to navigate to the next page of results.
  previous (String): The URL to navigate to the previous page of results.
count (Integer): The number of findings.
results (Array): Findings and their details.
  (Object): A finding.
    temporary_id (String): A temporary identifier for this finding.
    affects_rating (Boolean): true = This finding has an impact on the risk vector letter grade.
    assets (Array): Asset details.
      (Object): An asset (IP address or domain).
        asset (String): The asset associated with this finding.
        identifier (String): This is not applicable to Web Application Header findings.
        category (String): The Bitsight-calculated asset importance.
        importance (Decimal): For internal Bitsight use.
        is_ip (Boolean): true = This asset is an IP address.
    details (Object): Details of this finding.
      check_pass (String): For internal Bitsight use.
      diligence_annotations (Object): Diligence finding details.
        record (String)
        title (String): The title of the web page.
        html (Array): HTML header details, including:
          - Header properties.
          - The finding grade.
          - Header issues.
        required (Array): Required header details.
          (Object): A required header.
            name (String): The name of this required header.
            is_missing (Boolean): true = This header is missing.
            value (String): Header settings that are contributing to the finding grade. Examples:
              - no-cache
              - private, max-age=5
            components (Array)
            annotations (Array): A description of the finding and recommended remediation instructions.
              message (String): The display name of this finding.
              help_text (String): Details of this finding.
              remediation_tip (String): The recommended remediation instructions.
        optional (Array): Optional header details.
          (Object): An optional header.
            name (String): The name of this optional header.
            is_missing (Boolean): true = This optional header is missing.
            value (String): Header settings that are contributing to the finding grade. Examples:
              - -1
              - Wkd, DD Mon YYYY HH:MM:SS TMZ
              - SAMEORIGIN
              - 1; mode=block
            components (Array)
            annotations (Array): A description of the finding and recommended remediation instructions.
              message (String): The display name of this finding.
              help_text (String): Details of this finding.
              remediation_tip (String): The recommended remediation instructions.
      final_location (String): Example: http://saperix.com/
      geo_ip_location (String): A 2-letter ISO country code indicating the finding’s country of origin.
      country (String): The finding’s country of origin.
      grade (String): The finding grade.
      observed_ips (Array): Observed IP addresses.
      remediations (Array): Information about a finding and instructions to remediate it.
        (Object): A finding.
          message (String): The display name of this finding.
          help_text (String): Details of this finding.
          remediation_tip (String): The recommended remediation instructions.
      vulnerabilities (Array): This is not applicable to Web Application Header findings.
      dest_port (Integer): The destination port number.
      rollup_end_date (String [YYYY-MM-DD]): The date when this finding was last observed.
      rollup_start_date (String [YYYY-MM-DD]): The date when this finding was first observed.
    evidence_key (String): The asset that’s attributed to the finding.
    first_seen (String [YYYY-MM-DD]): The date when this observation was first seen.
    last_seen (String [YYYY-MM-DD]): The date when this observation was last seen.
    risk_category (String): The risk category of this finding.
    risk_vector (String): The slug name of this risk vector.
    risk_vector_label (String): The display name of this risk vector.
    rolledup_observation_id (String): A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession.
    severity (Decimal): The finding severity, which is the measured risk that this finding introduces.
    severity_category (String): The finding severity slug name.
    tags (Array): Infrastructure tags that identify this asset.
    remediation_history (Object): If ?expand=remediation_history parameter is set, the remediation history of the finding is included.
      last_requested_refresh_date (String [YYYY-MM-DD]): The date when a finding rescan that included this finding was last requested.
      last_refresh_status_date (String [YYYY-MM-DD]): The date when a rescan of the remediation status of this finding was last requested.
      last_refresh_status_label (String): The current rescan status of this finding.
      last_refresh_status_reason (String): The rescan status.
      last_refresh_reason_code (String): The reason code for the rescan status.
      last_refresh_requester (String [user_guid]): The unique identifier of the user who requested the rescan.
      result_finding_date (String [YYYY-MM-DD]): The first seen date of the finding that resulted from the rescan, if applicable.
    asset_overrides (Array): User-assigned asset importance details.
    duration (String): This is not applicable to Web Application Header findings.
    comments (String): Finding comments.
    remaining_decay (Integer): The remaining finding lifetime.

February 28, 2025: Added last_refresh_status_reason, last_refresh_reason_code, last_refresh_requester, and result_finding_date response attributes.

March 15, 2022: Published.
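
An added example (not Bitsight's code) of consuming the response documented above: it follows links.next across pages and builds a remediation worklist of assets whose required headers have is_missing set, with rating-affecting findings first. The pages, hostnames, the second-page URL and the fetch callable are constructed stand-ins so the example runs offline; only field names documented on this page are used.

```python
# Constructed sample data; only field names documented on this page are used.
def header(name, missing, value=" "):
    return {"name": name, "is_missing": missing, "value": value,
            "components": [], "annotations": []}

def finding(key, affects, severity, required):
    return {"evidence_key": key, "affects_rating": affects, "severity": severity,
            "details": {"grade": "NEUTRAL", "diligence_annotations": {
                "required": required, "optional": []}}}

FIRST = "https://api.example.invalid/findings?risk_vector=application_security"
SECOND = FIRST + "&page=2"  # hypothetical; real next-page URLs come from links.next
SAMPLE_PAGES = {
    FIRST: {"links": {"next": SECOND, "previous": None}, "count": 3, "results": [
        finding("shop.example.com:443", False, 1.0,
                [header("Strict-Transport-Security", True)]),
        finding("ok.example.com:443", True, 1.0,
                [header("X-Content-Type-Options", False, "nosniff")])]},
    SECOND: {"links": {"next": None, "previous": FIRST}, "count": 3, "results": [
        finding("www.example.com:80", True, 1.0,
                [header("X-Content-Type-Options", True),
                 header("Cache-Control", False, "no-cache")])]},
}

def iter_findings(first_url, fetch):
    """Yield every finding, following links.next until it is null."""
    url, seen = first_url, set()
    while url and url not in seen:          # guard against a looping next link
        seen.add(url)
        page = fetch(url)                   # in production: an authenticated GET
        yield from page.get("results") or []
        url = (page.get("links") or {}).get("next")

def worklist(findings):
    """Assets with missing required headers, rating-affecting findings first."""
    rows = []
    for f in findings:
        ann = (f.get("details") or {}).get("diligence_annotations") or {}
        missing = sorted(h["name"] for h in ann.get("required") or []
                         if h.get("is_missing"))
        if missing:
            rows.append({"asset": f["evidence_key"], "missing": missing,
                         "affects_rating": bool(f.get("affects_rating")),
                         "severity": f.get("severity") or 0.0})
    return sorted(rows, key=lambda r: (not r["affects_rating"],
                                       -r["severity"], r["asset"]))

if __name__ == "__main__":
    for row in worklist(iter_findings(FIRST, SAMPLE_PAGES.__getitem__)):
        print(row)
```
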