

In the HTML source code of a website, the header inside the <head> tag contains important information for search engines, such as meta tags. The SIWECOS scanners examine both the headers in the HTML source code and the HTTP headers that are exchanged between browser and server.

Example of an HTML header

<!DOCTYPE html>
<html lang="de-DE" prefix="og: http://ogp.me/ns#">
<head>
  <meta charset="UTF-8" />
  <meta http-equiv="X-UA-Compatible" content="IE=10" />
  <link rel="profile" href="http://gmpg.org/xfn/11" />
  <link rel="pingback" href="https://siwecos.de/xmlrpc.php" />
  <title>Startseite - SIWECOS</title>
  <link rel="canonical" href="https://siwecos.de/" />
  <meta property="og:locale" content="de_DE" />
  <meta property="og:type" content="website" />
  <meta property="og:title" content="Startseite - SIWECOS" />
  <meta property="og:description" content="Siwecos On the safe side SIWECOS stands for
  &quot;secure websites and content management systems&quot; and helps small and medium sized
  companies to identify and address security vulnerabilities on their websites. Protect
  your web presence and your visitors from unnoticed manipulations and register your
  free of charge. Register for free" />
  <meta property="og:url" content="https://siwecos.de/" />
  <meta property="og:site_name" content="SIWECOS" />
</head>
</html>

Invalid header entry of an HTTP header

Let's take Set-Cookie as an example. The syntax is as follows:

Set-Cookie: <cookie-name>=<cookie-value>
Set-Cookie: <cookie-name>=<cookie-value>; Expires=<date>
Set-Cookie: <cookie-name>=<cookie-value>; Max-Age=<non-zero-digit>
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>
Set-Cookie: <cookie-name>=<cookie-value>; Path=<path-value>
Set-Cookie: <cookie-name>=<cookie-value>; Secure
Set-Cookie: <cookie-name>=<cookie-value>; HttpOnly
Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Strict
Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Lax

Single or multiple parameters can be specified:

Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; Secure; HttpOnly

An invalid header entry could look like this:

Set-Cookie: Secure; HttpOnly

Without a specified Cookie name or Cookie value, the HTTP header entry is invalid.
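
The check described above can be written as a small validator. This is an added example, not code from the SIWECOS scanners; the function name check_set_cookie and the sample header values are assumptions made for illustration.

```python
import re

# Cookie names are HTTP "tokens" (RFC 6265, section 4.1.1).
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# Attributes from the syntax above; True means the attribute needs a value.
ATTRIBUTES = {"expires": True, "max-age": True, "domain": True, "path": True,
              "secure": False, "httponly": False, "samesite": True}
# The page lists Strict and Lax; None is also a defined SameSite value.
SAMESITE_VALUES = ("strict", "lax", "none")


def check_set_cookie(header_value):
    """Return a list of problems found in one Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";")]
    first, attrs = parts[0], parts[1:]
    problems = []

    # The first segment must be <cookie-name>=<cookie-value>.
    name, sep, _value = first.partition("=")
    if not sep:
        problems.append(f"missing cookie-name=cookie-value pair (got {first!r})")
    elif not TOKEN.match(name):
        problems.append(f"invalid cookie name {name!r}")

    for attr in attrs:
        if not attr:
            continue  # tolerate a trailing ';'
        key, sep, val = attr.partition("=")
        key, val = key.strip(), val.strip()
        needs_value = ATTRIBUTES.get(key.lower())
        if needs_value is None:
            problems.append(f"unknown attribute {key!r}")
        elif needs_value and not val:
            problems.append(f"attribute {key!r} requires a value")
        elif not needs_value and sep:
            problems.append(f"attribute {key!r} takes no value")
        elif key.lower() == "samesite" and val.lower() not in SAMESITE_VALUES:
            problems.append(f"unexpected SameSite value {val!r}")
    return problems


# Constructed sample values, following the examples on this page.
SAMPLES = [
    "sessionid=abc123; Domain=example.org; Secure; HttpOnly",
    "Secure; HttpOnly",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_set_cookie(sample) or "valid")
```

The second sample is reported as invalid because its first segment, Secure, is an attribute and not a name=value pair.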

Related links to the topic