Created
March 14, 2017 14:45
Popular API Headers
The following is some httpstat investigation relating to API calls.
└[~]> httpstat https://api.auth0.com
Connected to 52.9.60.147:443 from 192.168.1.149:56408

HTTP/1.1 302 Found
Date: Tue, 14 Mar 2017 14:28:43 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 39
Connection: keep-alive
Keep-Alive: timeout=100
X-Auth0-RequestId: b39fb7c0b41c26e26bb0
Location: https://auth0.com
Vary: Accept
Cache-Control: no-cache
Strict-Transport-Security: max-age=15724800
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

Body stored in: /tmp/tmpw0asypn2

  DNS Lookup   TCP Connection   TLS Handshake   Server Processing   Content Transfer
[    60ms    |      77ms      |     179ms     |       79ms        |        0ms       ]
  namelookup:60ms  connect:137ms  pretransfer:316ms  starttransfer:395ms  total:395ms

└[~]> httpstat https://api.digitalocean.com/v2/
Connected to 104.16.24.4:443 from 192.168.1.149:47936

HTTP/1.1 404 Not Found
Date: Tue, 14 Mar 2017 14:25:07 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 82
Connection: keep-alive
Set-Cookie: __cfduid=dea2536eca20d0d7b8f09e7f77654ae471489501507; expires=Wed, 14-Mar-18 14:25:07 GMT; path=/; domain=.digitalocean.com; HttpOnly
Cache-Control: no-cache
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Gateway: Edge Gateway
X-Request-Id: e560bac6-2785-4ba7-b941-7112041e4223
X-Runtime: 0.071114
X-Xss-Protection: 1; mode=block
Server: cloudflare-nginx
CF-RAY: 33f7e683ef9a0f9f-YYZ

Body stored in: /tmp/tmp73ugm5vo

  DNS Lookup   TCP Connection   TLS Handshake   Server Processing   Content Transfer
[    60ms    |      18ms      |     63ms      |       224ms       |        0ms       ]
  namelookup:60ms  connect:78ms  pretransfer:141ms  starttransfer:365ms  total:365ms

└[~]> httpstat https://api.sandbox.dnsimple.com/v2/
Connected to 50.31.209.236:443 from 192.168.1.149:41004

HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 14 Mar 2017 14:30:35 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Cache-Control: no-cache
X-Request-Id: 8ab5ced7-f9a3-478c-aadc-e3bbb1671394
X-Runtime: 0.004471
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: DENY
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block

Body stored in: /tmp/tmpngsg8tx1

  DNS Lookup   TCP Connection   TLS Handshake   Server Processing   Content Transfer
[    124ms   |      40ms      |     110ms     |       44ms        |        0ms       ]
  namelookup:124ms  connect:164ms  pretransfer:274ms  starttransfer:318ms  total:318ms

https://developer.github.com/v3/#schema

└[~]> httpstat https://api.github.com/
Connected to 192.30.253.116:443 from 192.168.1.149:53678

HTTP/1.1 200 OK
Server: GitHub.com
Date: Tue, 14 Mar 2017 14:31:55 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2165
Status: 200 OK
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
X-RateLimit-Reset: 1489505515
Cache-Control: public, max-age=60, s-maxage=60
Vary: Accept
ETag: "7dc470913f1fe9bb6c7355b50a0737bc"
X-GitHub-Media-Type: github.v3; format=json
Access-Control-Expose-Headers: ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src 'none'
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
X-Served-By: 15bc4ab707db6d6b474783868c7cc828
X-GitHub-Request-Id: D1AE:0712:A7BC1BF:C902C22:58C7FEDB

Body stored in: /tmp/tmpt_6gm_lu

  DNS Lookup   TCP Connection   TLS Handshake   Server Processing   Content Transfer
[    60ms    |      24ms      |     75ms      |       44ms        |        0ms       ]
  namelookup:60ms  connect:84ms  pretransfer:159ms  starttransfer:203ms  total:203ms

└[~]> httpstat https://api.twitter.com/
Connected to 104.244.42.194:443 from 192.168.1.149:42462

HTTP/1.1 404 Not Found
content-length: 4458
content-security-policy: default-src 'none'; img-src https://abs.twimg.com https://ssl.google-analytics.com http://www.google-analytics.com; script-src https://abs.twimg.com https://ssl.google-analytics.com https://ajax.googleapis.com http://www.google-analytics.com about:; style-src https://abs.twimg.com https://fonts.googleapis.com 'unsafe-inline'; font-src https://abs.twimg.com https://twitter.com; connect-src 'none'; object-src 'none'; media-src 'none'; frame-src 'none'; report-uri https://twitter.com/i/csp_report?a=ORTGK%3D%3D%3D&ro=false
content-type: text/html;charset=utf-8
date: Tue, 14 Mar 2017 14:33:09 GMT
server: tsa_b
set-cookie: guest_id=v1%3A148950198968214018; Domain=.twitter.com; Path=/; Expires=Thu, 14-Mar-2019 14:33:09 UTC
strict-transport-security: max-age=631138519
x-connection-hash: 50e14f8031ca2eeb795f1147f34dc3dd
x-response-time: 3
x-xss-protection: 1; mode=block

Body stored in: /tmp/tmpty9wmlfo

  DNS Lookup   TCP Connection   TLS Handshake   Server Processing   Content Transfer
[    60ms    |      41ms      |     103ms     |       47ms        |        0ms       ]
  namelookup:60ms  connect:101ms  pretransfer:204ms  starttransfer:251ms  total:251ms

└[~]> httpstat https://api.imgur.com/
Connected to 151.101.44.193:443 from 192.168.1.149:37734

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Fastly-Debug-Digest: eeabc3944833b8f8c13ba926d57295e017d11ea892fb60bb5d76dad6e5e3c6cd
Content-Length: 53847
Accept-Ranges: bytes
Date: Tue, 14 Mar 2017 14:40:59 GMT
Age: 0
Connection: keep-alive
X-Served-By: cache-iad2130-IAD, cache-ord1720-ORD
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
Vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
access-control-allow-origin: *
access-control-allow-headers: Authorization, Content-Type, Accept, X-Mashape-Authorization, IMGURPLATFORM, IMGURUIDJAFO, sessionCount, IMGURMWBETA, IMGURMWBETAOPTIN
Server: cat factory 1.0
X-Redux: 1
X-Frame-Options: DENY

Body stored in: /tmp/tmpi9nf5ec_

  DNS Lookup   TCP Connection   TLS Handshake   Server Processing   Content Transfer
[    60ms    |      15ms      |     45ms      |       61ms        |       36ms       ]
  namelookup:60ms  connect:75ms  pretransfer:120ms  starttransfer:181ms  total:217ms
Some linkage:
https://github.com/twitter/secureheaders
https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers
https://www.perpetual-beta.org/weblog/security-headers.html
http://stackoverflow.com/a/16022625
https://content-security-policy.com/
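As an added example (not part of this gist or of httpstat), the Python script below audits a captured response header block of the kind shown above against the headers the references just listed cover: HSTS and its max-age, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and the Secure/HttpOnly flags on Set-Cookie. The three sample responses are trimmed copies of the api.github.com, api.imgur.com and api.digitalocean.com captures above; the one-year HSTS floor and the wording of the findings are this example's own choices, not anything the gist or the linked projects specify.

```python
"""Audit the security headers in a captured HTTP response.

Added example: reads a raw response block (status line followed by headers,
as httpstat prints) and reports which headers covered by the OWASP Secure
Headers Project are missing or weakly configured.
"""
import re
from typing import Dict, List

# Trimmed copy of the api.github.com capture above (constructed sample).
GITHUB = """HTTP/1.1 200 OK
Server: GitHub.com
Content-Type: application/json; charset=utf-8
Cache-Control: public, max-age=60, s-maxage=60
Content-Security-Policy: default-src 'none'
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
"""

# Trimmed copy of the api.imgur.com capture above (constructed sample).
IMGUR = """HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Server: cat factory 1.0
X-Frame-Options: DENY
"""

# Trimmed copy of the api.digitalocean.com capture above (constructed sample).
DIGITALOCEAN = """HTTP/1.1 404 Not Found
Content-Type: application/json; charset=utf-8
Set-Cookie: __cfduid=dea2536eca20d0d7b8f09e7f77654ae471489501507; expires=Wed, 14-Mar-18 14:25:07 GMT; path=/; domain=.digitalocean.com; HttpOnly
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
"""

# One year in seconds; the minimum HSTS max-age this example accepts (an assumption).
HSTS_MIN_MAX_AGE = 31536000


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Map lower-cased header names to their values (a header may repeat)."""
    headers: Dict[str, List[str]] = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip() or ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(raw: str) -> List[str]:
    """Return one finding per missing or weak header; an empty list means clean."""
    h = parse_headers(raw)
    findings: List[str] = []

    hsts = h.get("strict-transport-security", [""])[0]
    if not hsts:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < HSTS_MIN_MAX_AGE:
            findings.append("Strict-Transport-Security max-age below one year")

    if "content-security-policy" not in h:
        findings.append("missing Content-Security-Policy")

    if "nosniff" not in " ".join(h.get("x-content-type-options", [])).lower():
        findings.append("missing X-Content-Type-Options: nosniff")

    xfo = " ".join(h.get("x-frame-options", [])).upper()
    if not (xfo.startswith("DENY") or xfo.startswith("SAMEORIGIN")):
        findings.append("missing or permissive X-Frame-Options")

    # Cookies set over HTTPS should carry both flags; check each Set-Cookie.
    for cookie in h.get("set-cookie", []):
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        name = cookie.split("=", 1)[0]
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {name} lacks {flag}")

    return findings


if __name__ == "__main__":
    for label, raw in (("github", GITHUB), ("imgur", IMGUR), ("digitalocean", DIGITALOCEAN)):
        print(label, audit(raw) or ["no findings"])
```

Feeding it the captures above reproduces what a reader can see by eye: the GitHub response passes every check, the imgur response lacks HSTS, CSP and nosniff, and the DigitalOcean response sets its cookie with HttpOnly but without Secure. The parser lower-cases names, so the all-lowercase Twitter headers are handled the same way.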