HTTP Origin Response Header Usage

Nessus Plugin ID 50343

Synopsis

The remote web server takes some steps to mitigate a class of web application vulnerabilities.

Description

The remote web server sets an Origin response header in some responses.

Origin has been proposed as a way to mitigate cross-site request forgery and JSON data theft.

See Also

https://tools.ietf.org/html/draft-abarth-origin-05

http://dev.w3.org/2006/waf/access-control/#origin-request-header

https://wiki.mozilla.org/Security/Origin

Plugin Details

Severity: Info

ID: 50343

File Name: http_Origin_header.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 10/26/2010

Updated: 1/19/2021

Supported Sensors: Nessus