HTTP headers for sub-domain enumeration

Few security headers reveal sub-domain information

Content Security Policy(CSP)

Content Security Policy(CSP) defines the Content-Security-Policy HTTP header, which allows you to create a whitelist of sources of trusted content, and instructs the browser to only execute or render resources from those sources. So basically, Content-Security-Policy header will list a bunch of sources(domains) that might be of interest to us as an attackers. There are deprecated forms of CSP headers, they are X-Content-Security-Policy and X-Webkit-CSP

  • Extracting CSP headers with curl

csp-curl

csp-script

results matching ""

    No results matching ""