Cats

All Tests / Test 5071

Test Id

Test 5071

Test Trace Id

5d164b01-20c6-460f-a51e-e0d412dcf311

Timestamp

Tue, 23 Jun 2026 21:36:33 GMT

Scenario

Send a happy flow request and check the following Security Headers: [X-Frame-Options/Content-Security-Policy, Cache-Control, X-Content-Type-Options, X-XSS-Protection]

Expected Result

Should return 2XX and all the above security headers within the response

Result

error

Result Details

The following keywords were detected in the response which might suggest an error details leak: [forbidden]

Contract Path

/api/alerts/{alertId}

Fuzzer

CheckSecurityHeaders

Full Request Path

https://qa-api.puk3p.online/api/alerts/JFFEAPIXPGXRHCAXPWXBTBJHHIBOYS

Http Method

get

Request Details

Payload

{
  "alertId": "JFFEAPIXPGXRHCAXPWXBTBJHHIBOYS"
}

Request Details

Headers

[
  {
    "key": "Accept",
    "value": "application/json"
  },
  {
    "key": "Content-Type",
    "value": "application/json"
  },
  {
    "key": "User-Agent",
    "value": "cats/13.8.1-SNAPSHOT (Test 5071 - CheckSecurityHeaders)"
  },
  {
    "key": "X-Cats-Trace-Id",
    "value": "5d164b01-20c6-460f-a51e-e0d412dcf311"
  }
]

Request Details

cURL

curl  -X GET \
     -H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "User-Agent: cats/13.8.1-SNAPSHOT (Test 5071 - CheckSecurityHeaders)" \
-H "X-Cats-Trace-Id: 5d164b01-20c6-460f-a51e-e0d412dcf311" \
 \
      \
      https://qa-api.puk3p.online/api/alerts/JFFEAPIXPGXRHCAXPWXBTBJHHIBOYS

Response

{
  "responseCode": 403,
  "httpMethod": "GET",
  "responseTimeInMs": "452",
  "numberOfWordsInResponse": "1",
  "numberOfLinesInResponse": "1",
  "contentLengthInBytes": "125",
  "jsonBody": {
    "timestamp": "2026-06-23T21:36:33.616Z",
    "status": 403,
    "error": "Forbidden",
    "path": "/api/alerts/JFFEAPIXPGXRHCAXPWXBTBJHHIBOYS"
  },
  "headers": [
    {
      "key": "cache-control",
      "value": "no-cache, no-store, max-age=0, must-revalidate"
    },
    {
      "key": "content-type",
      "value": "application/json"
    },
    {
      "key": "date",
      "value": "Tue, 23 Jun 2026 21:36:33 GMT"
    },
    {
      "key": "expires",
      "value": "0"
    },
    {
      "key": "pragma",
      "value": "no-cache"
    },
    {
      "key": "server",
      "value": "nginx/1.24.0 (Ubuntu)"
    },
    {
      "key": "strict-transport-security",
      "value": "max-age=31536000 ; includeSubDomains"
    },
    {
      "key": "vary",
      "value": "Origin"
    },
    {
      "key": "x-content-type-options",
      "value": "nosniff"
    },
    {
      "key": "x-frame-options",
      "value": "DENY"
    },
    {
      "key": "x-xss-protection",
      "value": "0"
    }
  ],
  "responseContentType": "application/json"
}

CATS Replay

cats replay Test5071