1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
##
# This file is part of WhatWeb and may be subject to
# redistribution and commercial restrictions. Please see the WhatWeb
# web site for more information on licensing and terms of use.
# https://morningstarsecurity.com/research/whatweb
##
Plugin.define do
name "Modern-Security-Headers"
authors [
"Andrew Horton", # v0.1 # 2025-08-02 # Initial version
]
version "0.1"
description "Modern web security headers that implement defense-in-depth protection for web applications."
website "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#security"
matches [
# Permission and Feature policies
{ :search=>"headers[permissions-policy]", :string=>true, :name=>"Permissions Policy" },
{ :search=>"headers[feature-policy]", :string=>true, :name=>"Feature Policy (Legacy)" },
# Cross-Origin policies
{ :search=>"headers[cross-origin-resource-policy]", :string=>true, :name=>"Cross-Origin Resource Policy" },
{ :search=>"headers[cross-origin-opener-policy]", :string=>true, :name=>"Cross-Origin Opener Policy" },
{ :search=>"headers[cross-origin-embedder-policy]", :string=>true, :name=>"Cross-Origin Embedder Policy" },
# Other security headers
{ :search=>"headers[referrer-policy]", :name=>"Referrer Policy" },
{ :search=>"headers[clear-site-data]", :name=>"Clear Site Data" },
{ :search=>"headers[x-content-type-options]", :name=>"X-Content-Type-Options" },
{ :search=>"headers[x-xss-protection]", :name=>"X-XSS-Protection" },
{ :search=>"headers[expect-ct]", :name=>"Expect-CT" }
]
end
|
