Automatically detecting missing HSTS with Python

Here we will look at an approach for identifying whether the website is vulnerable to clickjacking. We will use a simple Python script that checks whether the Strict-Transport-Security header is present in the response headers sent by the application. We will name the script HSTS_detector.py and put the following content in it:

Let's run the script and see whether the DVWA application is protected against clickjacking:
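The script body itself is not reproduced on this page, so the following is an added example of such a detector written for this excerpt; it is not the book's own HSTS_detector.py. It goes a little beyond a simple presence check: it parses the header's directives (max-age, includeSubDomains, preload) the way RFC 6797 describes and reports a header that is present but ineffective (max-age=0, no max-age at all, or a short lifetime). The target URL, the one-year minimum and the User-Agent string are assumptions; the test headers at the bottom are constructed.

```python
"""HSTS_detector.py (added example): check a response for a usable Strict-Transport-Security header."""
from __future__ import annotations

import ssl
import sys
from dataclasses import dataclass, field
from http.client import HTTPConnection, HTTPSConnection
from typing import Mapping
from urllib.parse import urlsplit

# One year is the floor most hardening guides and the browser preload list expect (assumption).
RECOMMENDED_MIN_MAX_AGE = 31536000


@dataclass
class HstsResult:
    present: bool
    max_age: int | None = None
    include_subdomains: bool = False
    preload: bool = False
    issues: list[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        """True only when the header is present and every directive check passed."""
        return self.present and not self.issues


def parse_hsts(value: str) -> HstsResult:
    """Parse the directives of an HSTS header value (RFC 6797 section 6.1)."""
    result = HstsResult(present=True)
    saw_max_age = False
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()           # directive names are case-insensitive
        arg = arg.strip().strip('"')          # max-age may be a quoted-string
        if name == "max-age":
            saw_max_age = True
            if arg.isdigit():
                result.max_age = int(arg)
            else:
                result.issues.append(f"malformed max-age directive: {directive!r}")
        elif name == "includesubdomains":
            result.include_subdomains = True
        elif name == "preload":
            result.preload = True
        # Unknown directives are ignored, as the RFC requires of user agents.
    if not saw_max_age:
        result.issues.append("required max-age directive is missing")
    elif result.max_age == 0:
        result.issues.append("max-age=0 tells browsers to forget the HSTS policy")
    elif result.max_age is not None and result.max_age < RECOMMENDED_MIN_MAX_AGE:
        result.issues.append(f"max-age {result.max_age} is below the recommended {RECOMMENDED_MIN_MAX_AGE}")
    return result


def check_hsts(headers: Mapping[str, str]) -> HstsResult:
    """Find the HSTS header (case-insensitively) in a header mapping and evaluate it."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            return parse_hsts(value)
    return HstsResult(present=False, issues=["Strict-Transport-Security header is missing"])


def fetch_headers(url: str) -> dict[str, str]:
    """Issue one GET with the standard library and return the response headers."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    path = parts.path or "/"
    if parts.scheme == "https":
        conn = HTTPSConnection(host, parts.port or 443, timeout=10, context=ssl.create_default_context())
    else:
        conn = HTTPConnection(host, parts.port or 80, timeout=10)
    conn.request("GET", path, headers={"Host": host, "User-Agent": "HSTS_detector"})  # UA string is an assumption
    resp = conn.getresponse()
    headers = dict(resp.getheaders())
    conn.close()
    return headers


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "https://example.invalid/"  # placeholder, not a real target
    if urlsplit(target).scheme != "https":
        # Browsers ignore HSTS received over plain HTTP, so only an HTTPS response counts.
        print("note: HSTS is only honoured over HTTPS; check the https:// origin")
    result = check_hsts(fetch_headers(target))
    print(f"{target}: {'OK' if result.ok else 'WEAK'}  max-age={result.max_age} "
          f"includeSubDomains={result.include_subdomains} preload={result.preload}")
    for issue in result.issues:
        print(f"  - {issue}")
```

Run it as `python HSTS_detector.py https://<host>/`; the exit report distinguishes a header that is absent from one that is present but disables or shortens the policy, which a bare substring check would pass.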
