From 9f8b8863c5facdfc23a0f875aa461935a44da45d Mon Sep 17 00:00:00 2001
From: vinamra
Date: Wed, 7 Jun 2017 00:59:33 +0000
Subject: [PATCH] Changes in Expect-CT header
---
 scripts/http-security-headers.nse | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/scripts/http-security-headers.nse b/scripts/http-security-headers.nse
index 21f49052b..acd2114ce 100755
--- a/scripts/http-security-headers.nse
+++ b/scripts/http-security-headers.nse
@@ -11,7 +11,7 @@ shows whether they are configured and gives a brief description of the header an
 The script requests the server for the header with http.head and parses it to list headers founds with their configurations. The script checks for HSTS(HTTP Strict Transport Security), HPKP(HTTP Public Key Pins), X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Content-Security-Policy,
-X-Permitted-Cross-Domain-Policies, Set-Cookie, Except-CT, Cache-Control, Pragma and Expires.
+X-Permitted-Cross-Domain-Policies, Set-Cookie, Expect-CT, Cache-Control, Pragma and Expires.
 References: https://www.owasp.org/index.php/OWASP_Secure_Headers_Project https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
@@ -314,10 +314,10 @@ action = function(host, port)
 end end
- if response.header['except-ct'] then
- output_info.Except_Ct = {}
- table.insert(output_info.Except_Ct, "Except-CT is configured.")
- table.insert(output_info.Except_Ct, "Header: Except-CT: " .. response.header['except-ct'])
+ if response.header['expect-ct'] then
+ output_info.Expect_Ct = {}
+ table.insert(output_info.Expect_Ct, "Expect-CT is configured.")
+ table.insert(output_info.Expect_Ct, "Header: Expect-CT: " .. response.header['expect-ct'])
 end if response.header['cache-control'] then
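Review bot: The renamed `expect-ct` branch in the second hunk reports "Expect-CT is configured." for any header value, so a report-only policy (no `enforce` directive) or one with `max-age=0`, which asks the browser to drop its stored policy, is listed the same as an enforcing one. A reader of the scan output could take that line as evidence that Certificate Transparency is actually being enforced. I would add a directive check after the two inserts, for example `if not response.header['expect-ct']:lower():find("enforce", 1, true) then table.insert(output_info.Expect_Ct, "'enforce' directive is absent, policy is report-only.") end`; the plain substring test is approximate because it would also match inside a `report-uri` value. The body of `action` starts and ends outside this hunk, so whether the other headers get comparable value checks is not visible here.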