Cats

All Tests / Test 734

Test Id

Test 734

Test Trace Id

4936549a-c912-48e3-a347-26d29b31bf42

Timestamp

Tue, 23 Jun 2026 21:25:30 GMT

Scenario

Send a 'happy' flow request with all fields and all headers and checks if the response headers match those declared in the contract

Expected Result

Should return 2XX

Result

error

Result Details

The following keywords were detected in the response which might suggest an error details leak: [forbidden]

Contract Path

/api/account/mfa/enable

Fuzzer

ResponseHeadersMatchContractHeaders

Full Request Path

https://qa-api.puk3p.online/api/account/mfa/enable

Http Method

post

Request Details

Payload

{
  "code": "897259"
}

Request Details

Headers

[
  {
    "key": "Accept",
    "value": "application/json"
  },
  {
    "key": "Content-Type",
    "value": "application/json"
  },
  {
    "key": "User-Agent",
    "value": "cats/13.8.1-SNAPSHOT (Test 734 - ResponseHeadersMatchContractHeaders)"
  },
  {
    "key": "X-Cats-Trace-Id",
    "value": "4936549a-c912-48e3-a347-26d29b31bf42"
  }
]

Request Details

cURL

curl  -X POST \
     -H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "User-Agent: cats/13.8.1-SNAPSHOT (Test 734 - ResponseHeadersMatchContractHeaders)" \
-H "X-Cats-Trace-Id: 4936549a-c912-48e3-a347-26d29b31bf42" \
 \
      -d '{"code":"897259"}' \
      https://qa-api.puk3p.online/api/account/mfa/enable

Response

{
  "responseCode": 403,
  "httpMethod": "POST",
  "responseTimeInMs": "144",
  "numberOfWordsInResponse": "1",
  "numberOfLinesInResponse": "1",
  "contentLengthInBytes": "106",
  "jsonBody": {
    "timestamp": "2026-06-23T21:25:30.311Z",
    "status": 403,
    "error": "Forbidden",
    "path": "/api/account/mfa/enable"
  },
  "headers": [
    {
      "key": "cache-control",
      "value": "no-cache, no-store, max-age=0, must-revalidate"
    },
    {
      "key": "content-type",
      "value": "application/json"
    },
    {
      "key": "date",
      "value": "Tue, 23 Jun 2026 21:25:30 GMT"
    },
    {
      "key": "expires",
      "value": "0"
    },
    {
      "key": "pragma",
      "value": "no-cache"
    },
    {
      "key": "server",
      "value": "nginx/1.24.0 (Ubuntu)"
    },
    {
      "key": "strict-transport-security",
      "value": "max-age=31536000 ; includeSubDomains"
    },
    {
      "key": "vary",
      "value": "Origin"
    },
    {
      "key": "x-content-type-options",
      "value": "nosniff"
    },
    {
      "key": "x-frame-options",
      "value": "DENY"
    },
    {
      "key": "x-xss-protection",
      "value": "0"
    }
  ],
  "responseContentType": "application/json"
}

CATS Replay

cats replay Test734