I want to know how can i check with domain name if website is missing content type sniffing header. Server is not mine, so I can not create php files inside or edit .htaccess file. i know that checking php version is possible with git bash and curl but is it possible to detect that missing header with curl too? or there is other way? (Only LEGAL of course)
Asked
Active
Viewed 1,410 times
2
iLiA
- 3,053
- 4
- 23
- 45
-
1use postman to send a request and see the response from such a request – madalinivascu Jun 27 '19 at 11:47
-
1Just check if the response has this header: `X-Content-Type-Options=nosniff` – M. Eriksson Jun 27 '19 at 11:50
-
it gave me `Content-Type →text/html` to content type but there is no `X-Content-Type-Options` – iLiA Jun 27 '19 at 11:55
-
1You could just open up the network tab in your browsers dev-tools, go to the URL you want to check, look at the response headers in the network tab. – M. Eriksson Jun 27 '19 at 11:56
-
1_"but there is no X-Content-Type-Options"_ - Then there's your answer. The site does not prevent content sniffing. – M. Eriksson Jun 27 '19 at 11:57
-
@madalinivascu Postman was useful and gave me exact results Thank You! If you write down that as an answer i will upvote it. – iLiA Jun 27 '19 at 12:09
-
@MagnusEriksson Thank you your answers was helpful. If you write down it I will upvote it (I mean answer about devtools) – iLiA Jun 27 '19 at 12:10
2 Answers
1
You can use the -D option wit curl:
-D, --dump-header <filename> Write the received headers to <filename>
curl http://whatever.com -D myheaders.txt
Then open myheaders.com and look for the header you want.
StephaneM
- 4,779
- 1
- 16
- 33
1
Every major internet browser today (Chrome, Fx, MSIE...) lets you see in its developer tools the network transfers, including headers with each request and each response:
AmigoJack
- 5,234
- 1
- 15
- 31
-
There were provided many useful answers but you provided browser integrated answer and because of that it was most easy and fast – iLiA Jun 27 '19 at 12:07