Large Scale Evaluation of Secure Headers in Wild

Project summary

We assume that malicious JavaScript is inserted into the server's response and reflected to the client browser by a cross-site scripting (XSS) attack. We then want to know whether the browser detects and prevents the impact of the XSS, judging from the secure headers in the HTTP response. In this work, we investigate the actual usage of secure headers and conduct a large-scale evaluation. First, we compare the secure headers collected from each website on different days and identify which fields and which websites are vulnerable. We also analyze websites that may be vulnerable due to a mismatch, i.e. a difference between the secure headers a website sends and those each browser actually supports.
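The comparison described above, as an added example that is not part of the project's code: a small Python script that parses raw HTTP response headers the way a crawler might store them, classifies four common secure headers as ok, weak or missing, reports regressions between two snapshots of the same site, and lists the headers a given browser does not honour (the mismatch case). The two sample responses and the per-browser support table are constructed for illustration only; real support data would come from the browser-side crawler, and the per-header checks are simplified heuristics.

```python
"""Compare secure headers across two crawl snapshots and against browser support.

Added example, not the project's own code. Sample responses and the
browser-support table below are constructed placeholders.
"""
from __future__ import annotations

import re


def parse_raw_headers(raw: str) -> dict[str, str]:
    """Parse a raw HTTP response (status line + header block) into a dict
    keyed by lower-cased header name. Repeated headers are joined with ', '."""
    headers: dict[str, str] = {}
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                                # blank line ends the headers
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def _csp_scripts_restricted(value: str) -> bool:
    """Simplified heuristic: the effective script source list (script-src,
    falling back to default-src) must exist and allow neither inline
    scripts nor a wildcard host."""
    directives: dict[str, list[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return False
    lowered = {s.strip("'").lower() for s in sources}
    return not ({"unsafe-inline", "*"} & lowered)


def _hsts_max_age(value: str) -> int:
    match = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return int(match.group(1)) if match else 0


# Header name -> predicate returning True when the value is a protective setting.
CHECKS = {
    "content-security-policy": _csp_scripts_restricted,
    "strict-transport-security": lambda v: _hsts_max_age(v) >= 31536000,  # one year
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
}


def evaluate(headers: dict[str, str]) -> dict[str, str]:
    """Classify every tracked header as 'ok', 'weak' or 'missing'."""
    result = {}
    for name, check in CHECKS.items():
        if name not in headers:
            result[name] = "missing"
        else:
            result[name] = "ok" if check(headers[name]) else "weak"
    return result


def regressions(before: dict[str, str], after: dict[str, str]) -> list[tuple[str, str, str]]:
    """Headers that were 'ok' in the earlier snapshot but are not in the later one,
    as (header, old_status, new_status) tuples."""
    old, new = evaluate(before), evaluate(after)
    return [(h, old[h], new[h]) for h in CHECKS if old[h] == "ok" and new[h] != "ok"]


def unsupported_headers(headers: dict[str, str],
                        browser_support: dict[str, set[str]]) -> dict[str, list[str]]:
    """For each browser, the tracked headers the site sends that the browser
    does not honour: the site's request and the browser's support mismatch."""
    sent = [h for h in CHECKS if h in headers]
    return {b: [h for h in sent if h not in ok] for b, ok in browser_support.items()}


# Constructed sample responses for one site on two different days (not real crawl data).
DAY1 = """HTTP/1.1 200 OK
Content-Type: text/html
Content-Security-Policy: default-src 'self'; script-src 'self' https://cdn.example
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
"""

DAY2 = """HTTP/1.1 200 OK
Content-Type: text/html
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
Strict-Transport-Security: max-age=3600
X-Content-Type-Options: nosniff
"""

# Constructed placeholder support table, NOT real browser data; it stands in for
# what a browser-side crawler would collect per browser.
BROWSER_SUPPORT = {
    "modern-browser": set(CHECKS),
    "legacy-browser": {"x-frame-options", "x-content-type-options"},
}

if __name__ == "__main__":
    h1, h2 = parse_raw_headers(DAY1), parse_raw_headers(DAY2)
    print("day 1:", evaluate(h1))
    print("day 2:", evaluate(h2))
    print("regressions:", regressions(h1, h2))
    print("unsupported:", unsupported_headers(h2, BROWSER_SUPPORT))
```

Running the script on the constructed snapshots reports the CSP and HSTS fields as weakened and X-Frame-Options as dropped on day 2, and shows that the hypothetical legacy browser ignores the CSP and HSTS headers the site still sends, which is exactly the mismatch class the evaluation is after.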

Libraries and frameworks

  • Crawler (HTTP response): Python
  • Crawler (browser support options): JavaScript (Node.js)

This is done as a course project in KAIST IS542 Web Service Security and Privacy, Fall 2022.
Yeongbin Hwang
Master’s Student @ KAIST

My research interests include 5G core network, guided fuzzing test, and control plane analysis.