Contents:

• Simple Built-in HTTP Layer Security Tests for GET Requests
  • Introduction
  • Auto-complete Should be Disabled
    • Validate Auto-compelete Off for a Form
    • Validate Auto-compelete Off for a Field
  • Private Resource Disclosure
  • Private IP Disclosure
  • Cross-Origin Resource Sharing (CORS)
  • Frameable Response (Potential Clickjacking)
  • Strict Transport Policy
  • Information Disclosure
  • Minium Secure JS Version
  • Vulnerable JS Version
  • Cookie - HttpOnly Flag
  • Cookie - secure Flag
  • Malicious URL Redirect