Professional

Header Change Notifier

Header Change Notifier detects when HTTP response headers change between requests to the same URL. Using passive scanning, it tracks security-critical headers across browsing sessions and raises scanner issues when changes are found. This makes it easier to spot security misconfigurations, inconsistent server behaviour, and weakened security policies during testing.

Features

  • Passive scanner integration that respects scope settings and automatically raises issues in the Scanner tab for high-risk header changes
  • Pre-configured tracking of ten security headers, including Content-Security-Policy, Strict-Transport-Security, Set-Cookie, and Access-Control-Allow-Origin
  • Automatic risk classification: changes are rated Critical, High, Medium, or Low based on the header type and the nature of the change (e.g. removal of a Secure or HttpOnly cookie attribute raises the severity)
  • Customisable header list: enable or disable default headers, or add any custom header to monitor
  • CSV export of all detected changes, including timestamps, old and new values, and risk levels

Usage

  1. Once loaded, the extension monitors HTTP responses automatically via passive scanning
  2. Browse or scan your target; the extension records the first response for each URL and flags subsequent responses where tracked headers differ
  3. Open the "Header Change Notifier" tab to review detected changes in a table showing the URL, header name, old value, new value, and risk level
  4. Check the Scanner "Issues" tab on your Dashboard for issues raised automatically against high-risk header changes
  5. Adjust which headers are tracked under the "Settings" tab, and add new headers using the custom header input field
  6. Click "Export CSV" to save all detected changes to a file
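
The baseline-and-compare behaviour from steps 1 and 2, together with the severity increase for a dropped Secure or HttpOnly attribute, shown as an added Python example; it is not the extension's source code. The subset of tracked headers, the base risk ratings, the "Low" rating for a newly added header, the single Set-Cookie value per response and the sample responses are assumptions made for illustration.

```python
# Added illustration, not the extension's code. The header list, risk ratings
# and sample responses are constructed assumptions.
TRACKED = {  # header -> assumed base risk when its value changes
    "content-security-policy": "High",
    "strict-transport-security": "High",
    "access-control-allow-origin": "Medium",
    "set-cookie": "Medium",
}
LEVELS = ["Low", "Medium", "High", "Critical"]

def cookie_flags(value):
    """Lower-cased attribute names of a single Set-Cookie value."""
    return {p.strip().split("=")[0].lower() for p in value.split(";")[1:]}

def classify(name, old, new):
    """Rate a change; a removed header or a lost cookie flag raises the risk."""
    if old is None:                       # header newly added (assumed Low)
        return "Low"
    risk = TRACKED[name]
    lost = (name == "set-cookie" and new is not None and
            bool((cookie_flags(old) - cookie_flags(new)) & {"secure", "httponly"}))
    if new is None or lost:
        risk = LEVELS[min(LEVELS.index(risk) + 1, len(LEVELS) - 1)]
    return risk

class HeaderBaseline:
    def __init__(self):
        self.first_seen = {}              # url -> tracked headers of first response

    def observe(self, url, headers):
        """Store the first response per URL; diff later responses against it."""
        current = {k.lower(): v for k, v in headers.items() if k.lower() in TRACKED}
        base = self.first_seen.setdefault(url, current)
        return [(url, n, base.get(n), current.get(n),
                 classify(n, base.get(n), current.get(n)))
                for n in sorted(set(base) | set(current))
                if base.get(n) != current.get(n)]

# Constructed sample: two responses from the same URL.
URL = "https://app.example/login"
FIRST = {"Strict-Transport-Security": "max-age=31536000",
         "Set-Cookie": "sid=abc; Secure; HttpOnly; Path=/", "Server": "nginx"}
SECOND = {"Set-Cookie": "sid=abc; Path=/", "Server": "apache"}

if __name__ == "__main__":
    tracker = HeaderBaseline()
    tracker.observe(URL, FIRST)           # baseline, no changes reported
    for change in tracker.observe(URL, SECOND):
        print(change)
```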

Author

MohamedXploit

Version

2.1.0

Last updated

30 March 2026

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.