turbot/steampipe-mod-net-insights

Dashboard: Security Headers Report

This report answers the following questions:

  • What are the raw headers for my website?
  • Does my website implement common security headers:
    • Content-Security-Policy
    • HTTP Strict-Transport-Security
    • Permissions-Policy
    • Referrer-Policy
    • X-Content-Type-Options
    • X-Frame-Options
This dashboard contains 6 cards, 1 input and 2 tables.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-net-insights

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select the Security Headers Report dashboard.

You could also snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe dashboard run net_insights.dashboard.security_headers_report --share

Queries

This dashboard uses the following queries:

select
  case
    when response_headers -> 'Content-Security-Policy' is not null then 'Present'
    else 'Missing'
  end as value,
  case
    when response_headers -> 'Content-Security-Policy' is not null then 'ok'
    else 'alert'
  end as type,
  'Content-Security-Policy' as label
from
  net_http_request
where
  url = $1;

{
  "$1": "website_url_input"
}
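
The query above drives a single card (Content-Security-Policy). The following is an added example, not one of the mod's own queries: it generalizes the same presence test to all six headers the report lists and returns one row per header. It assumes the same net_http_request table and jsonb response_headers column, with the standard header names as keys; the URL is a constructed placeholder.

```sql
-- Added example (not part of steampipe-mod-net-insights).
-- One row per expected security header for a single URL, using the same
-- "key is not null" presence test as the dashboard's card query.
with expected (header) as (
  values
    ('Content-Security-Policy'),
    ('Strict-Transport-Security'),
    ('Permissions-Policy'),
    ('Referrer-Policy'),
    ('X-Content-Type-Options'),
    ('X-Frame-Options')
),
response as (
  select
    response_headers
  from
    net_http_request
  where
    url = 'https://example.com' -- constructed placeholder; use your own site
)
select
  e.header as label,
  case
    when r.response_headers -> e.header is not null then 'Present'
    else 'Missing'
  end as value,
  case
    when r.response_headers -> e.header is not null then 'ok'
    else 'alert'
  end as type,
  -- Raw header value (null when missing), so a header that is present
  -- can still be reviewed for how it is configured.
  r.response_headers -> e.header as raw_value
from
  expected as e
  -- cross join: if the request returns no row, the result is empty rather
  -- than six misleading 'Missing' rows.
  cross join response as r
order by
  e.header;
```

A 'Present' result only means the header was returned; the raw_value column is there so the policy itself can be checked.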

Tags