With recent advancements in technology, more people are aware of the importance of security, and more companies have started paying huge rewards to protect the sensitive information of their customers.
This Firefox extension is the first of its kind and is an open source product. It detects header-related vulnerabilities by analyzing request and response headers. It requires no special configuration, is easy to install and use, produces few false positives, and can find vulnerabilities in all the endpoints the user visits in a fraction of a second. The web application firewall doesn't block the requests crafted by the browser extension (because they are legitimate traffic), which yields better results compared to other existing tools.
As of today, the browser extension is capable of detecting CORS misconfiguration, Host Header Injection, Clickjacking and missing secure flags/headers vulnerabilities.
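The kind of header analysis described above, as an added sketch that is not the extension's own code: it inspects one request/response pair for the CORS, clickjacking and missing-flag classes (Host Header Injection is left out here). The function names, finding labels and sample exchange are assumptions made for illustration.

```javascript
// Added example, not the extension's code. Header lists use the {name, value}
// shape of the WebExtensions webRequest API; all function names are hypothetical.
const values = (headers, name) =>
  headers.filter(h => h.name.toLowerCase() === name).map(h => h.value);

function analyzeHeaders(url, requestHeaders, responseHeaders) {
  const findings = [];
  const target = new URL(url);
  const origin = values(requestHeaders, "origin")[0];
  const acao = values(responseHeaders, "access-control-allow-origin")[0];
  const creds = values(responseHeaders, "access-control-allow-credentials")
    .some(v => v.trim().toLowerCase() === "true");

  // CORS: credentials allowed for "null" or for a reflected cross-site Origin.
  const crossSite = origin && origin !== "null" && origin !== target.origin;
  if (creds && (acao === "null" || (crossSite && acao === origin)))
    findings.push("cors-credentials-with-reflected-origin");

  // Clickjacking: HTML response with neither X-Frame-Options nor CSP frame-ancestors.
  const isHtml = values(responseHeaders, "content-type").some(v => /text\/html/i.test(v));
  const xfo = values(responseHeaders, "x-frame-options").length > 0;
  const frameAncestors = values(responseHeaders, "content-security-policy")
    .some(v => /(^|;)\s*frame-ancestors\s/i.test(v));
  if (isHtml && !xfo && !frameAncestors) findings.push("missing-frame-protection");

  // Cookie flags: every Set-Cookie should carry Secure and HttpOnly.
  // Split on newlines in case several cookies arrive in one header value.
  for (const cookie of values(responseHeaders, "set-cookie").flatMap(v => v.split("\n"))) {
    const [pair, ...attrs] = cookie.split(";").map(s => s.trim());
    const flags = attrs.map(a => a.split("=")[0].toLowerCase());
    const name = pair.split("=")[0];
    if (!flags.includes("secure")) findings.push(`cookie-missing-secure:${name}`);
    if (!flags.includes("httponly")) findings.push(`cookie-missing-httponly:${name}`);
  }

  // Transport: HTTPS response without Strict-Transport-Security.
  if (target.protocol === "https:" &&
      values(responseHeaders, "strict-transport-security").length === 0)
    findings.push("missing-hsts");
  return findings;
}

// Constructed sample exchange (not captured traffic).
const sampleRequest = [{ name: "Origin", value: "https://other.example" }];
const sampleResponse = [
  { name: "Content-Type", value: "text/html; charset=utf-8" },
  { name: "Access-Control-Allow-Origin", value: "https://other.example" },
  { name: "Access-Control-Allow-Credentials", value: "true" },
  { name: "Set-Cookie", value: "sid=abc123; Path=/; HttpOnly" },
];
console.log(analyzeHeaders("https://app.example/account", sampleRequest, sampleResponse));
```

A reflected cross-site origin is only a finding when that origin is not on the application's intended allow-list, so the CORS result needs a manual check against the allow-list.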
I found vulnerabilities in Bugcrowd, Hotstar, Medium, Signup.com, Chargify, etc. using this minimal browser extension. People from across the globe (India, Sri Lanka, Taiwan, Philippines, Nepal, Denmark, etc.) found this tool to be helpful: https://github.com/rewanthtammana/vuln-headers-extension/stargazers