Complete the code to check if the 'Strict-Transport-Security' header is present in the response.
pm.test('Check HSTS header presence', () => { pm.response.to.have.header([1]); });
The 'Strict-Transport-Security' header enforces secure (HTTPS) connections. This test checks if it is present.
Complete the code to assert that the 'X-Frame-Options' header value equals 'DENY'.
pm.test('X-Frame-Options is DENY', () => { pm.response.to.have.header('X-Frame-Options'); pm.expect(pm.response.headers.get('X-Frame-Options')).to.eql([1]); });
The 'X-Frame-Options' header with value 'DENY' prevents the page from being framed, protecting against clickjacking.
Fix the error in the code to correctly check that the 'Content-Security-Policy' header contains 'default-src'.
pm.test('Content-Security-Policy contains default-src', () => { const csp = pm.response.headers.get([1]); pm.expect(csp).to.include('default-src'); });
The header name must be a string with exact casing and dashes as in 'Content-Security-Policy'.
Fill both blanks to test that the 'X-Content-Type-Options' header exists and equals 'nosniff'.
pm.test('X-Content-Type-Options header check', () => { pm.response.to.have.header([1]); pm.expect(pm.response.headers.get([2])).to.eql('nosniff'); });
Both blanks require the exact header name as a string to check presence and value.
Fill all three blanks to create a test that verifies the 'Referrer-Policy' header exists, its value is stored in a variable, and asserts it equals 'no-referrer'.
pm.test('Referrer-Policy header validation', () => { pm.response.to.have.header([1]); const refPolicy = pm.response.headers.get([2]); pm.expect(refPolicy).to.eql([3]); });
The first blank must be the header name string, the second blank the same header name string, and the third blank the expected value string 'no-referrer'.