检查HTTP安全标头
该脚本当前扫描以下HTTP标头字段:
Strict-Transport-Security (HSTS)
Public-Key-Pins (HPKP)
X-Frame-Options: deny
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
如果设置了Content-Security-Policy或仅Content-Security-Policy-Report-Only
如果设置了Content-Security-Policy: upgrade-insecure-requests (强制资源请求升级到HTTPS)
如果使用Content-Encoding (BREACH攻击)
此外,它还会检查..
HTTP请求正
