Fast Headers Microservice

Documentation

Base URL

http://lzrms-fast-headers.lazarustechservices.com

Authorization

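All endpoints require an Authorization header with a valid token. Note that the base URL above uses plain HTTP, so the token and the submitted URL are sent unencrypted; if the service is also reachable over HTTPS, use that instead.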


        Authorization: `Token ${auth_token}`
    

Endpoints

Check headers

v1


        # Request a header-risk report for one URL from the v1 endpoint.
        # 'auth token' and 'url to inspect' are placeholders for your token and the target URL.
        # The endpoint shown is plain HTTP, so the Authorization token is sent unencrypted.
        curl -L \
-H 'Authorization: Token auth token' \
-H 'Content-Type: application/json' \
-d '{
    "url": "url to inspect"
}' \
'http://lzrms-fast-headers.lazarustechservices.com/v1/header-risk'
    

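Returns a JSON object with the overall risk score and per-header details. In the example below, `number` stands for a numeric value and `...` for further entries of the same shape.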


        {
    "status": "success",
    "data": {
        "riskSummary": {
            "risk": number,
            "contentSecurityPolicy": number,
            "permissionPolicy": number,
            "referrerPolicy": number,
            "strictTransportSecurity": number,
            "xContentTypeOptions": number,
            "xFrameOptions": number
        },
        "contentSecurityPolicy": {
            "risk": number,
            "details": {
                "directive-name": {
                    "directive": "directive content"
                }
                ...
            }
        },
        "permissionPolicy": {
            "risk": number,
            "details": [
                {
                    "permissions": "permission name",
                    "values": "permission value"
                }
            ]
        },
        "referrerPolicy": {
            "risk": number,
            "details": {
                "policy": "policy value"
            }
        },
        "strictTransportSecurity": {
            "risk": number,
            "details": [
                {
                    "directive": "max-age",
                    "value": "expiry time in seconds; this should be at least 31536000 (1 year), otherwise it is reported as an error"
                },
                {
                    "directive": "includeSubDomains"
                }
                ...
            ]
        },
        "xContentTypeOptions": {
            "risk": number,
            "details": {
                "value": "should be 'nosniff'; otherwise it is reported as an error"
            }
        },
        "xFrameOptions": {
            "risk": number,
            "details": {
                "value": "should be 'DENY' or 'SAMEORIGIN'; otherwise it is reported as an error"
            }
        }
    }
}