Hi,
How can I check in the HTTP headers whether, for example, the X-XSS-Protection header exists?
thx
Pam
It depends on how you are acquiring the webpage in the first place. For example, if you are using COM Automation and the "WinHttp.WinHttpRequest.5.1" object, you could use the "GetResponseHeader" or "GetAllResponseHeaders" methods to check for your header of interest. On the other hand, if you are using the WinInet Extender, you could use the "iHttpHeaders" function to get a complete list of response headers.
If you are accessing the site with some other tool, you will need to use whatever that tool provides for HTTP header examination.
Here's a Tech DB example that uses COM Automation to check a specific header:
http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WinBatch/OLE~COM~ADO~CDO~ADSI~LDAP/WinHttpRequest+WinHTTP~Redirect~.txt
Another article that uses the WinInet extender:
http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WIL~Extenders/WinInet+Return~Info~on~Web~Server.txt
thx
Did some coding
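; Open a WinInet session and request the root page of the host named in aline
tophandle=iBegin(0,"","")
connecthandle=iHostConnect(tophandle, "%aline%", @HTTP,"","")
datahandle=iHttpInit(connecthandle, "GET", "/", "",0)
rslt=iHttpOpen(datahandle,"", 0, 0)
; Response headers as one string (scanned below as a tab-delimited list)
headers=iHttpHeaders(datahandle)
iClose(datahandle)
iClose(connecthandle)
iClose(tophandle)
delay(1)
; CHECK IF SERVER IS ON
if headers == @TAB then exit
; Default result when the header is absent
XXS="Disabled"
; StrIndexNC returns 0 (not -1) when the string is not found
ptr=StrIndexNC(headers,"X-XSS-Protection: ",0,@FWDSCAN)
If ptr != 0
   ptr2=StrIndex(headers,@TAB,ptr,@FWDSCAN)
   ; Header is the last item in the list: read to the end of the string
   If ptr2==0 Then ptr2=StrLen(headers)+1
   ptr=ptr+StrLen("X-XSS-Protection: ")
   XXS=StrTrim(StrSub(headers,ptr,ptr2-ptr))
   ; Any non-empty value is reported as ENABLED
   If XXS <> ""
      XXS="ENABLED"
   Else
      XXS="Disabled"
   EndIf
EndIf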
thx for the direction
Out of curiosity..... why are you checking headers instead of error codes?
I am checking for HTTP security headers to protect the web browser client.
The program now checks all HTTP security headers.
https://www.keycdn.com/blog/http-security-headers/
Pam
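
An added example, not code from this thread: the same check extended to several security headers, written in Python. It matches header names exactly and case-insensitively instead of by substring, and it reads the value, so "X-XSS-Protection: 0" is reported as disabled. The header list, status labels and sample response are assumptions constructed for illustration.

```python
# Added example; header list and sample response are constructed, not from the thread.
def parse_headers(raw):
    """Map lower-cased header name -> value from CRLF- or tab-delimited text."""
    headers = {}
    for line in raw.replace("\t", "\n").splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():  # status line has no colon and is skipped
            key, value = name.strip().lower(), value.strip()
            headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers

def _xss(v):
    # "X-XSS-Protection: 0" switches the filter off, so non-empty is not enough.
    return v.split(";")[0].strip() == "1"

def _hsts(v):
    # Enabled only with a positive max-age; max-age=0 removes the policy.
    for part in v.lower().split(";"):
        key, _, num = part.strip().partition("=")
        if key == "max-age" and num.strip('"').isdigit():
            return int(num.strip('"')) > 0
    return False

CHECKS = {
    "x-xss-protection": _xss,
    "strict-transport-security": _hsts,
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "x-frame-options": lambda v: v.upper() in ("DENY", "SAMEORIGIN"),
    "content-security-policy": lambda v: bool(v),
    "referrer-policy": lambda v: bool(v),
}

def audit(raw):
    """Return {header: 'MISSING' | 'ENABLED' | 'DISABLED'} for each checked header."""
    headers = parse_headers(raw)
    return {name: "MISSING" if name not in headers
            else "ENABLED" if ok(headers[name]) else "DISABLED"
            for name, ok in CHECKS.items()}

SAMPLE = (  # constructed response headers
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "x-xss-protection: 0\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE))
```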