Cats

All Tests / Test 164

Test Id

Test 164

Test Trace Id

7b1e5d95-6c2f-4ea4-894a-54e229a27a29

Timestamp

Tue, 23 Jun 2026 21:23:56 GMT

Scenario

Send a happy flow request and check the following Security Headers: [X-Frame-Options/Content-Security-Policy, Cache-Control, X-Content-Type-Options, X-XSS-Protection]

Expected Result

Should return 2XX and all the above security headers within the response

Result

error

Result Details

The following keywords were detected in the response which might suggest an error details leak: [forbidden]

Contract Path

/api/account/activity

Fuzzer

CheckSecurityHeaders

Full Request Path

https://qa-api.puk3p.online/api/account/activity?limit=8

Http Method

get

Request Details

Payload

{
  "limit": 8
}

Request Details

Headers

[
  {
    "key": "Accept",
    "value": "application/json"
  },
  {
    "key": "Content-Type",
    "value": "application/json"
  },
  {
    "key": "User-Agent",
    "value": "cats/13.8.1-SNAPSHOT (Test 164 - CheckSecurityHeaders)"
  },
  {
    "key": "X-Cats-Trace-Id",
    "value": "7b1e5d95-6c2f-4ea4-894a-54e229a27a29"
  }
]

Request Details

cURL

curl  -X GET \
     -H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "User-Agent: cats/13.8.1-SNAPSHOT (Test 164 - CheckSecurityHeaders)" \
-H "X-Cats-Trace-Id: 7b1e5d95-6c2f-4ea4-894a-54e229a27a29" \
 \
      \
      https://qa-api.puk3p.online/api/account/activity?limit=8

Response

{
  "responseCode": 403,
  "httpMethod": "GET",
  "responseTimeInMs": "132",
  "numberOfWordsInResponse": "1",
  "numberOfLinesInResponse": "1",
  "contentLengthInBytes": "104",
  "jsonBody": {
    "timestamp": "2026-06-23T21:23:56.622Z",
    "status": 403,
    "error": "Forbidden",
    "path": "/api/account/activity"
  },
  "headers": [
    {
      "key": "cache-control",
      "value": "no-cache, no-store, max-age=0, must-revalidate"
    },
    {
      "key": "content-type",
      "value": "application/json"
    },
    {
      "key": "date",
      "value": "Tue, 23 Jun 2026 21:23:56 GMT"
    },
    {
      "key": "expires",
      "value": "0"
    },
    {
      "key": "pragma",
      "value": "no-cache"
    },
    {
      "key": "server",
      "value": "nginx/1.24.0 (Ubuntu)"
    },
    {
      "key": "strict-transport-security",
      "value": "max-age=31536000 ; includeSubDomains"
    },
    {
      "key": "vary",
      "value": "Origin"
    },
    {
      "key": "x-content-type-options",
      "value": "nosniff"
    },
    {
      "key": "x-frame-options",
      "value": "DENY"
    },
    {
      "key": "x-xss-protection",
      "value": "0"
    }
  ],
  "responseContentType": "application/json"
}

CATS Replay

cats replay Test164