GET: Web Application Headers Finding Details – Bitsight Knowledge Base

https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=application_security

Get Web Application Header finding details.

Parameters

For details specific to Web Application Headers, use the ?risk_vector=application_security parameter. Other query parameters are listed in GET: Finding Details.

Example Request

curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=application_security -u api_token:

Example Response

{
  "links":{
    "next":null,
    "previous":null
  },
  "count":98,
  "results":[
    {
      "temporary_id":"A9Jq47BBjecd83c4cc889d99f958aa9b1cb337bf9a",
      "affects_rating":true,
      "assets":[
        {
          "asset":"www.actorsfilms.us",
          "identifier":null,
          "category":"critical",
          "importance":0.1,
          "is_ip":false
        }
      ],
      "details":{
        "check_pass":" ",
        "diligence_annotations":{
          "record":"HTTP/1.1 200 OK\r\nDate: Tue, 01 Mar 2022 09:37:45 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5958\r\nConnection: keep-alive\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: -1\r\nServer: namecheap-nginx\r\nX-CST: MISS\r\nAllow: GET, HEAD",
          "title":"actorsfilms.us - Registered at Namecheap.com",
          "html":[ ],
          "required":[
            {
              "name":"X-Content-Type-Options",
              "is_missing":true,
              "value":" ",
              "components":[ ],
              "annotations":[
                {
                  "message":"Missing required headers",
                  "help_text":"One or more required security headers are not set.",
                  "remediation_tip":"Ensure your policy correctly implements the required headers. Refer to the <a target=\"new\" href=\"/hc/en-us/articles/360008632054\">list of required headers</a>."
                },
                […]
              ],
              "optional":[
                {
                  "name":"Expires",
                  "is_missing":false,
                  "value":"-1",
                  "components":[ ],
                  "annotations":[ ]
                }
              ]
            },
            "final_location":"http://www.actorsfilms.us/",
            "geo_ip_location":"US",
            "country":"United States",
            "grade":"NEUTRAL",
            "observed_ips":[
              "www.actorsfilms.us[198.54.117.217]:80"
            ],
            "remediations":[
              {
                "message":"Missing required headers",
                "help_text":"One or more required security headers are not set.",
                "remediation_tip":"Ensure your policy correctly implements the required headers. Refer to the <a target=\"new\" href=\"/hc/en-us/articles/360008632054\">list of required headers</a>."
              },
              […]
            ],
            "vulnerabilities":[ ],
            "dest_port":80,
            "rollup_end_date":"2022-03-01",
            "rollup_start_date":"2022-02-23"
          },
        "evidence_key":"www.actorsfilms.us:80",
        "first_seen":"2022-02-23",
        "last_seen":"2022-03-01",
                "risk_category":"Diligence",
        "risk_vector":"application_security",
        "risk_vector_label":"Web Application Headers",
        "rolledup_observation_id":"jcDHImzCcc3xmtZZ-CXAYA==",
        "severity":1.0,
        "severity_category":"minor",
        "tags":[
          "saperix inc"
        ],
        "remediation_history":{
          "last_requested_refresh_date":"2024-06-19",
            "last_refresh_status_date":"2024-06-23",
            "last_refresh_status_label":"failed",
          "last_refresh_status_reason": "asset_not_found",
            "last_refresh_reason_code":"asset unreachable",
            "last_refresh_requester": "1e10564d-fawa-4331-0000-6f7588b55a98",
          "result_finding_date": null
        },
        "asset_overrides":[ ],
        "duration":null,
        "comments":null,
        "remaining_decay":47
    }
  ]
}

Response Attributes

Field								Description
links Object								Navigation for multiple pages of results. See pagination.
	next String							The URL to navigate to the next page of results.
	previous String							The URL to navigate to the previous page of results.
count Integer								The number of findings.
results Array								Findings and their details.
	Object							A finding.
		temporary_id String						A temporary identifier for this finding.
		affects_rating Boolean						`true` = This finding has an impact on the risk vector letter grade.
		assets Array						Asset details.
			Object					An asset (IP address or domain).
				asset String				The asset associated with this finding.
				identifier String				This is not applicable to Web Application Header findings.
				category String				The Bitsight-calculated asset importance.
				importance Decimal				For internal Bitsight use.
				is_ip Boolean				`true` = This asset is an IP address.
		details Object						Details of this finding.
			check_pass String					For internal Bitsight use.
			diligence_annotations Object					Diligence finding details.
				record String
				title String				The title of the web page.
				html Array				HTML header details, including: Header properties. The finding grade. Header issues.
				required Array				Required header details.
					Object			A required header.
						name String		The name of this required header.
						is_missing Boolean		`true` = This header is missing.
						value String		Header settings that are contributing to the finding grade. Examples: `no-cache` `private, max-age=5`
						components Array
						annotations Array		A description of the finding and recommended remediation instructions.
							message String	The display name of this finding.
							help_text String	Details of this finding.
							remediation_tip String	The recommended remediation instructions.
				optional Array				Optional header details.
					Object			An optional header.
						name String		The name of this optional header.
						is_missing Boolean		`true` = This optional header is missing.
						value String		Header settings that are contributing to the finding grade. Examples: `-1` `Wkd, DD Mon YYYY HH:MM:SS TMZ` `SAMEORIGIN` `1; mode=block`
						components Array
						annotations Array		A description of the finding and recommended remediation instructions.
							message String	The display name of this finding.
							help_text String	Details of this finding.
							remediation_tip String	The recommended remediation instructions.
			final_location String					Example: `http://saperix.com/`
			geo_ip_location String					A 2-letter ISO country code indicating the finding’s country of origin.
			country String					The finding’s country of origin.
			grade String					The finding grade.
			observed_ips Array					Observed IP addresses.
			remediations Array					Information about a finding and instructions to remediate it.
				Object				A finding.
					message String			The display name of this finding.
					help_text String			Details of this finding.
					remediation_tip String			The recommended remediation instructions.
			vulnerabilities Array					This is not applicable to Web Application Header findings.
			dest_port Integer					The destination port number.
			rollup_end_date String [`YYYY-MM-DD`]					The date when this finding was last observed.
			rollup_start_date String [`YYYY-MM-DD`]					The date when this finding was first observed.
		evidence_key String						The asset that’s attributed to the finding.
		first_seen String [`YYYY-MM-DD`]						The date when this observation was first seen.
		last_seen String [`YYYY-MM-DD`]						The date when this observation was last seen.
		risk_category String						The risk category of this finding.
		risk_vector String						The slug name of this risk vector.
		risk_vector_label String						The display name of this risk vector.
		rolledup_observation_id String						A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession.
		severity Decimal						The finding severity, which is the measured risk that this finding introduces.
		severity_category String						The finding severity slug name.
		tags Array						Infrastructure tags that identify this asset.
		remediation_history Object						If `?expand=remediation_history` parameter is set, the remediation history of the finding is included.
			last_requested_refresh_date String [`YYYY‑MM‑DD`]					The date when a finding rescan that included this finding was last requested.
				last_refresh_status_date String [`YYYY‑MM‑DD`]				The date when a rescan of the remediation status of this finding was last requested.
				last_refresh_status_label String				The current rescan status of this finding.
last_refresh_status_reason String					The rescan status.
			last_refresh_reason_code String				The reason code for the rescan status.
	last_refresh_requester String [`user_guid`]				The unique identifier of the user who requested the rescan.
result_finding_date String [`YYYY-MM-DD`]					The first seen date of the finding that resulted from the rescan, if applicable.
asset_overrides Array						User-assigned asset importance details.
duration String						This is not applicable to Web Application Header findings.
comments String						Finding comments.
remaining_decay Integer						The remaining finding lifetime.

February 28, 2025: Added last_refresh_status_reason, last_refresh_reason_code, last_refresh_requester, and result_finding_date response attributes.
March 15, 2022: Published.

Parameters

Example Request

Example Response

Response Attributes

Related articles