Web Tech Detection via Tokens, Headers & Cookies
| Language/Framework | Common Headers or Cookies | Token Patterns | Additional Indicators |
| --- | --- | --- | --- |
| PHP | `PHPSESSID`, `laravel_session`, `ci_session` | - CSRF: `csrf_test_name`, `X-CSRF-TOKEN` (Laravel)<br>- JWT: `Authorization: Bearer` | Cookie length; Base64-encoded tokens |
| Python (Django) | `csrftoken`, `sessionid` | - CSRF: `X-CSRFToken`<br>- JWT: `Authorization: Bearer` | Use of headers like `X-CSRFToken` |
| Ruby on Rails | `_rails_session`, `_csrf_token` | - CSRF: `authenticity_token` in forms | Clean URLs; RESTful route names |
| Java (Spring) | `JSESSIONID` | - CSRF: `X-CSRF-TOKEN`<br>- JWT: `Authorization: Bearer` | Common names like `JSESSIONID` |
| Node.js (Express) | `connect.sid` | - JWT: `Authorization: Bearer` | Routes like `/api` or `/auth`; custom headers |
| ASP.NET | `.ASPXAUTH`, `.AspNet.Session` | - CSRF: `__RequestVerificationToken` in forms<br>- JWT: `Authorization: Bearer` | Cookies with `.ASPX` |
| ASP.NET Core | `.AspNetCore.Session`, `.AspNetCore.Identity` | - CSRF: `RequestVerificationToken` | Middleware for JWT and OAuth2 |
| Laravel (PHP) | `laravel_session`, `XSRF-TOKEN` | - CSRF: `X-CSRF-TOKEN` | SHA-256 encoded tokens |
| CodeIgniter (PHP) | `ci_session` | - CSRF: `csrf_test_name` in forms | Lightweight cookies, basic values |
| Angular (Frontend) | `X-XSRF-TOKEN`, `Authorization: Bearer` | - JWT in headers or cookies | Common use of AngularJS in SPAs |
| React (Frontend) | `Authorization: Bearer` | - JWT and OAuth2 | Tokens managed in local storage or cookies |
| Vue.js (Frontend) | `Authorization: Bearer`, `X-XSRF-TOKEN` | - Similar to Angular | Libraries for handling CSRF and OAuth2 |
| Flask (Python) | `session`, `csrf_token` | - JWT: `Authorization: Bearer` | RESTful APIs with clear routes |
| FastAPI (Python) | `Authorization: Bearer` | - JWT: `Authorization: Bearer` | Similar to Flask, more OpenAPI oriented |
| Symfony (PHP) | `PHPSESSID`, `symfony` | - CSRF: tokens in forms | Custom cookie names |
| Spring Boot (Java) | `JSESSIONID` | - JWT: `Authorization: Bearer`<br>- CSRF: `X-CSRF-TOKEN` | RESTful routes like `/v1/api/` |
| Express.js (Node) | `connect.sid` | - JWT in headers | Flexible cookie and middleware handling |
| Django Rest Framework (Python) | `Authorization: Bearer` | - JWT: `Authorization: Bearer` | REST prefixes in routes, like `/api/v1/` |
| Next.js (React) | `Authorization: Bearer`, custom cookies | - CSRF or JWT tokens | Combined use of APIs and SSR |