API Reference
HttpAnalysis
Performs basic HTTP checks against a web endpoint.
Inheritance
- Object
- HttpAnalysis
Usage
This type appears in these public API surfaces even when no hand-authored example is attached directly to the page.
Returned or exposed by
- Property DomainHealthCheck.HttpAnalysis
- Method HttpAnalysis.CheckUrl
- Property TyposquattingCandidateEnrichment.Http
- Property TyposquattingContentSimilarityOptions.HttpOverride
- Property TyposquattingEnrichmentOptions.HttpOverride
- Property TyposquattingVisualSimilarityOptions.PageHttpOverride
- Property HttpInfo.Raw
- Property WebStaticScanAnalysis.MainHttpAnalysis
Accepted by parameters
- Method HttpNarrative.Build
- Method WebsiteNarrative.Build
- Method Converters.Convert
- Method WebStaticScanAnalysis.DetectTechFromHeadersAndBody
Constructors
public HttpAnalysis() #Methods
public async Task AnalyzeUrl(String url, Boolean checkHsts, InternalLogger logger, Boolean collectHeaders = false, Boolean captureBody = false, CancellationToken cancellationToken = null, HttpRequestOptions requestOptions = null) #TaskPerforms an HTTP request to the specified URL.
Parameters
- url System.String
- The URL to query.
- checkHsts System.Boolean
- Whether to check for the presence of HSTS.
- logger DomainDetective.InternalLogger
- Logger used for error reporting.
- collectHeaders System.Boolean = false
- Whether to collect common security headers.
- captureBody System.Boolean = false
- Whether to capture the response body.
- cancellationToken System.Threading.CancellationToken = null
- Token to cancel the operation.
- requestOptions DomainDetective.HttpRequestOptions = null
- Optional request customization options.
public static async Task<HttpAnalysis> CheckUrl(String url, Boolean checkHsts = false, Boolean collectHeaders = false, Boolean captureBody = false, CancellationToken cancellationToken = null) #Task<HttpAnalysis>Convenience method to check a URL with default logging.
Parameters
- url System.String
- The URL to check.
- checkHsts System.Boolean = false
- Whether to check for HSTS.
- collectHeaders System.Boolean = false
- Whether to collect common security headers.
- captureBody System.Boolean = false
- Whether to capture the response body.
- cancellationToken System.Threading.CancellationToken = null
- Cancellation token to stop the operation.
Returns
A populated HttpAnalysis instance.
public static Void LoadHstsPreloadList(String filePath) #VoidLoads a JSON array of preloaded HSTS hosts.
Parameters
- filePath System.String
- File path containing the preload list.
Inherited Methods
public override Boolean Equals(Object obj) #BooleanParameters
- obj Object
Properties
public String Subject { get; set; } #Gets or sets the subject value.
public Nullable<Int32> StatusCode { get; set; } #Gets the HTTP status code of the response.
public TimeSpan ResponseTime { get; set; } #Gets the time taken to receive the response.
public Boolean HstsPresent { get; set; } #Gets a value indicating whether the HSTS header was present.
public Nullable<Int32> HstsMaxAge { get; set; } #Gets the max-age value from the HSTS header.
public Boolean HstsIncludesSubDomains { get; set; } #Gets a value indicating whether includeSubDomains is present in the HSTS header.
public Boolean HstsTooShort { get; set; } #Gets a value indicating whether the HSTS max-age is shorter than 18 weeks.
public List<String> UnknownHstsDirectives { get; set; } #Collects unknown or invalid HSTS directives.
public Boolean HstsPreloaded { get; set; } #Gets a value indicating whether the host is on the HSTS preload list.
public Boolean HstsPreloadDirectivePresent { get; set; } #Gets a value indicating whether the preload token was found in the HSTS header.
public Boolean HstsPreloadEligible { get; set; } #Gets a value indicating whether the HSTS header meets preload list requirements.
public Boolean XssProtectionPresent { get; set; } #Gets a value indicating whether the X-XSS-Protection header was present.
public Boolean ExpectCtPresent { get; set; } #Gets a value indicating whether the Expect-CT header was present.
public Nullable<Int32> ExpectCtMaxAge { get; set; } #Gets the max-age value from the Expect-CT header.
public String ExpectCtReportUri { get; set; } #Gets the report-uri value from the Expect-CT header.
public Boolean PublicKeyPinsPresent { get; set; } #Obsolete("Public-Key-Pins header is deprecated.")Gets a value indicating whether the Public-Key-Pins header was present.
public Boolean CspUnsafeDirectives { get; set; } #Gets a value indicating whether the Content-Security-Policy contains unsafe directives.
public Dictionary<String, SecurityHeader> SecurityHeaders { get; } #Gets a collection of detected security headers.
public HashSet<String> MissingSecurityHeaders { get; } #Gets a collection of security headers that were not present.
public Boolean IsReachable { get; set; } #Gets a value indicating whether the endpoint was reachable.
public String FailureReason { get; set; } #If IsReachable is false, explains why.
public Version ProtocolVersion { get; set; } #Gets the HTTP protocol version returned by the server.
public Boolean Http2Supported { get; set; } #Gets a value indicating whether the server supports HTTP/2.
public Boolean Http3Supported { get; set; } #Gets a value indicating whether the server supports HTTP/3.
public String QuicVersion { get; set; } #Gets the QUIC version advertised in the Alt-Svc header.
public String ServerHeader { get; set; } #Gets the value of the Server header if present.
public String NelRaw { get; set; } #Raw NEL header if present.
public String ReportToRaw { get; set; } #Raw Report-To header if present.
public String SpeculationRulesRaw { get; set; } #Raw speculation-rules header if present.
public String Body { get; set; } #Gets the response body when captureBody is enabled.
public Nullable<Int32> BodyLength { get; set; } #Gets the decompressed body length in bytes when captureBody is enabled.
public String BodySha256 { get; set; } #Gets the SHA-256 hash of the decompressed body when captureBody is enabled.
public Boolean MixedContentDetected { get; set; } #Gets a value indicating whether HTTPS content references insecure HTTP resources.
public Int32 InsecureFormsCount { get; set; } #Gets the number of forms with insecure http:// action URLs on an HTTPS page.
public List<String> InsecureFormActions { get; } #Captures representative insecure form action URLs found on page.
public Boolean PermissionsPolicyPresent { get; set; } #Gets a value indicating whether a Permissions-Policy header was present.
public Dictionary<String, String> PermissionsPolicy { get; } #Gets parsed directives from the Permissions-Policy header.
public String ReferrerPolicy { get; set; } #Gets the value of the Referrer-Policy header if present.
public String XFrameOptions { get; set; } #Gets the value of the X-Frame-Options header if present.
public String CrossOriginOpenerPolicy { get; set; } #Gets the value of the Cross-Origin-Opener-Policy header if present.
public String CrossOriginEmbedderPolicy { get; set; } #Gets the value of the Cross-Origin-Embedder-Policy header if present.
public String CrossOriginResourcePolicy { get; set; } #Gets the value of the Cross-Origin-Resource-Policy header if present.
public String XPermittedCrossDomainPolicies { get; set; } #Gets the value of the X-Permitted-Cross-Domain-Policies header if present.
public Boolean OriginAgentClusterPresent { get; set; } #Gets a value indicating whether the Origin-Agent-Cluster header was present.
public Boolean OriginAgentClusterEnabled { get; set; } #Gets a value indicating whether Origin-Agent-Cluster is enabled.
public List<String> VisitedUrls { get; } #Gets the URLs visited when following redirects.
public Int32 MaxRedirects { get; set; } #Gets or sets the maximum number of redirects to follow.
public HttpRequestMethod RequestMethodUsed { get; set; } #HTTP method used for the request.
public Boolean TlsValidationDisabled { get; set; } #True when TLS validation was disabled for the request.
public String ProxyUsed { get; set; } #Proxy URL used for the request when configured.
public List<String> RequestHeaderNames { get; } #Request header names that were sent (best-effort; excludes defaults).
public Dictionary<String, String> InformationDisclosureHeaders { get; } #Information disclosure headers observed (best-effort).
public Dictionary<String, String> CachingHeaders { get; } #Caching headers observed (best-effort).
public HashSet<String> DeprecatedHeadersPresent { get; } #Deprecated security headers observed.
public HashSet<String> MissingDeprecatedHeaders { get; } #Deprecated security headers that were missing.
public Boolean CspFrameAncestorsPresent { get; set; } #True when CSP contains a frame-ancestors directive.
public TimeSpan Timeout { get; set; } #Gets or sets the HTTP request timeout.
public Version RequestVersion { get; set; } #Gets or sets the HTTP version used for requests.
public static IList<String> DefaultSecurityHeaders { get; } #Gets the default security headers checked when HttpRequestOptions) is called with header collection enabled. The list includes modern headers such as Content-Security-Policy, Referrer-Policy, X-Frame-Options, Permissions-Policy and Origin-Agent-Cluster. Modify this list to customize which headers are captured.
public virtual List<Assessment> Assessments { get; } #Structured assessments captured during HTTP analysis.
public IReadOnlyList<RecommendationAdvice> Recommendations { get; } #Actionable recommendations derived from assessments.