Cats

All Tests / Test 3072

Test Id

Test 3072

Test Trace Id

dacc4635-b017-413b-a4c0-d1460f35c76a

Timestamp

Tue, 23 Jun 2026 21:31:17 GMT

Scenario

Send a happy flow request and check the following Security Headers: [X-Frame-Options/Content-Security-Policy, Cache-Control, X-Content-Type-Options, X-XSS-Protection]

Expected Result

Should return 2XX and all the above security headers within the response

Result

error

Result Details

The following keywords were detected in the response which might suggest an error details leak: [forbidden]

Contract Path

/api/alerts

Fuzzer

CheckSecurityHeaders

Full Request Path

https://qa-api.puk3p.online/api/alerts?severity=HIGH&protocol=UDP&sourceIp=194.209.17.30&size=20&from=2026-06-23T21%3A31%3A10.004547973Z&sortBy=timestamp&to=2026-06-23T21%3A31%3A10.004711556Z&page=0&deviceId=LSACEB&direction=asc

Http Method

get

Request Details

Payload

{
  "severity": "HIGH",
  "protocol": "UDP",
  "sourceIp": "194.209.17.30",
  "size": 20,
  "from": "2026-06-23T21:31:10.004547973Z",
  "sortBy": "timestamp",
  "to": "2026-06-23T21:31:10.004711556Z",
  "page": 0,
  "deviceId": "LSACEB",
  "direction": "asc"
}

Request Details

Headers

[
  {
    "key": "Accept",
    "value": "application/json"
  },
  {
    "key": "Content-Type",
    "value": "application/json"
  },
  {
    "key": "User-Agent",
    "value": "cats/13.8.1-SNAPSHOT (Test 3072 - CheckSecurityHeaders)"
  },
  {
    "key": "X-Cats-Trace-Id",
    "value": "dacc4635-b017-413b-a4c0-d1460f35c76a"
  }
]

Request Details

cURL

curl  -X GET \
     -H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "User-Agent: cats/13.8.1-SNAPSHOT (Test 3072 - CheckSecurityHeaders)" \
-H "X-Cats-Trace-Id: dacc4635-b017-413b-a4c0-d1460f35c76a" \
 \
      \
      https://qa-api.puk3p.online/api/alerts?severity=HIGH&protocol=UDP&sourceIp=194.209.17.30&size=20&from=2026-06-23T21%3A31%3A10.004547973Z&sortBy=timestamp&to=2026-06-23T21%3A31%3A10.004711556Z&page=0&deviceId=LSACEB&direction=asc

Response

{
  "responseCode": 403,
  "httpMethod": "GET",
  "responseTimeInMs": "125",
  "numberOfWordsInResponse": "1",
  "numberOfLinesInResponse": "1",
  "contentLengthInBytes": "94",
  "jsonBody": {
    "timestamp": "2026-06-23T21:31:17.243Z",
    "status": 403,
    "error": "Forbidden",
    "path": "/api/alerts"
  },
  "headers": [
    {
      "key": "cache-control",
      "value": "no-cache, no-store, max-age=0, must-revalidate"
    },
    {
      "key": "content-type",
      "value": "application/json"
    },
    {
      "key": "date",
      "value": "Tue, 23 Jun 2026 21:31:17 GMT"
    },
    {
      "key": "expires",
      "value": "0"
    },
    {
      "key": "pragma",
      "value": "no-cache"
    },
    {
      "key": "server",
      "value": "nginx/1.24.0 (Ubuntu)"
    },
    {
      "key": "strict-transport-security",
      "value": "max-age=31536000 ; includeSubDomains"
    },
    {
      "key": "vary",
      "value": "Origin"
    },
    {
      "key": "x-content-type-options",
      "value": "nosniff"
    },
    {
      "key": "x-frame-options",
      "value": "DENY"
    },
    {
      "key": "x-xss-protection",
      "value": "0"
    }
  ],
  "responseContentType": "application/json"
}

CATS Replay

cats replay Test3072