viewpoint-particle

Author Topic: check on http headers  (Read 229 times)

pamsniffer

  • Newbie
  • *
  • Posts: 34
check on http headers
« on: April 23, 2018, 04:13:37 am »
Hi,
How can I check on http header if for example X-XSS-Protection header exist


thx

PAm

td

  • Tech Support
  • *****
  • Posts: 2443
    • WinBatch
Re: check on http headers
« Reply #1 on: April 23, 2018, 01:08:14 pm »
It depends on how you are acquiring the webpage in the first place.  For example, if you are using COM Automation and the "WinHttp.WinHttpRequest.5.1" object,  you could use the "GetResponseHeader" or "GetAllResponesHeaders" methods to check for your header of interest.  On the other hand, if you are using the WinInet Extender, you could use the "iHttpHeaders" function to get a complete list of response headers.

If you are accessing the site with some other tool, you will need to use whatever that tool provides for HTTP header examination. 
"Success is a lousy teacher. It seduces smart people into thinking they can't lose."
  - Bill Gates


td

  • Tech Support
  • *****
  • Posts: 2443
    • WinBatch
"Success is a lousy teacher. It seduces smart people into thinking they can't lose."
  - Bill Gates


pamsniffer

  • Newbie
  • *
  • Posts: 34
Re: check on http headers
« Reply #3 on: April 27, 2018, 12:56:09 am »
thx

pamsniffer

  • Newbie
  • *
  • Posts: 34
Re: check on http headers
« Reply #4 on: May 06, 2018, 04:44:53 am »
Did some coding


       tophandle=iBegin(0,"","")
       connecthandle=iHostConnect(tophandle, "%aline%", @HTTP,"","")
       datahandle=iHttpInit(connecthandle, "GET", "/", "",0)
       rslt=iHttpOpen(datahandle,"", 0, 0)
       headers=iHttpHeaders(datahandle)
       iClose(datahandle)
       iClose(connecthandle)
       iClose(tophandle)
       delay(1)

       ; CHECK IF SERVER IS ON

       if headers == @TAB then exit
       
       ptr=StrIndexNC(headers,"X-XSS-Protection: ",0,@FWDSCAN)
       If ptr != -1
          ptr2=StrIndex(headers,@TAB,ptr,@FWDSCAN)
          If ptr2==0 Then ptr2=StrLen(headers)
          ptr=ptr+StrLen("X-XSS-Protection: ")
          XXS=StrTrim(StrSub(headers,ptr,ptr2-ptr))
          If XXS  <> ""
            XXS="ENABLED"
           Else
            XXS="Disbaled"
          endif
       EndIf
       

thx for the direction

stanl

  • Pundit
  • *****
  • Posts: 725
Re: check on http headers
« Reply #5 on: May 07, 2018, 04:52:08 am »
Out of curiosity..... why are you checking headers instead of error codes?

pamsniffer

  • Newbie
  • *
  • Posts: 34
Re: check on http headers
« Reply #6 on: May 14, 2018, 01:18:28 pm »
I am checking for http security headers to protect the web browerclient.

The program check now on all http security headers.


https://www.keycdn.com/blog/http-security-headers/

Pam