Plain scan metadata include all headers and cookies

Author: davegaeddert

plain-scan/plain/scan/cli.py

@@ -63,9 +63,9 @@ def format_verbose_metadata(metadata: dict) -> str:
 
     lines.append("")
 
-    # Security headers
+    # Headers
     if metadata.get("headers"):
-        lines.append(click.style("Security Headers:", bold=True))
+        lines.append(click.style("Headers:", bold=True))
         lines.append("")
         for header, value in metadata["headers"].items():
             # Truncate long headers for readability

plain-scan/plain/scan/results.py

@@ -143,7 +143,7 @@ def to_markdown(self) -> str:
 
             headers = self.metadata.get("headers")
             if headers:
-                lines.append("\n**Security Headers:**\n")
+                lines.append("\n**Headers:**\n")
                 for header, value in headers.items():
                     lines.append(f"- **{header}:** `{value}`\n")
 

plain-scan/plain/scan/scanner.py

@@ -99,25 +99,8 @@ def scan(self) -> ScanResult:
                     {"url": r.url, "status_code": r.status_code}
                     for r in response.history
                 ],
-                "headers": {
-                    "content-security-policy": response.headers.get(
-                        "Content-Security-Policy"
-                    ),
-                    "content-security-policy-report-only": response.headers.get(
-                        "Content-Security-Policy-Report-Only"
-                    ),
-                    "strict-transport-security": response.headers.get(
-                        "Strict-Transport-Security"
-                    ),
-                    "frame-options": response.headers.get("X-Frame-Options"),
-                    "content-type-options": response.headers.get(
-                        "X-Content-Type-Options"
-                    ),
-                    "referrer-policy": response.headers.get("Referrer-Policy"),
-                },
+                "headers": dict(response.headers),
             }
-            # Remove None values from headers
-            metadata["headers"] = {k: v for k, v in metadata["headers"].items() if v}
 
             # Add cookies information if present
             if response.cookies:
@@ -131,15 +114,22 @@ def scan(self) -> ScanResult:
                                 samesite = cookie._rest[key]
                                 break
 
-                    cookies.append(
-                        {
-                            "name": cookie.name,
-                            "secure": cookie.secure,
-                            "httponly": hasattr(cookie, "_rest")
-                            and "HttpOnly" in cookie._rest,
-                            "samesite": samesite,
-                        }
-                    )
+                    cookie_data = {
+                        "name": cookie.name,
+                        "value": cookie.value,
+                        "domain": cookie.domain,
+                        "path": cookie.path,
+                        "secure": cookie.secure,
+                        "httponly": hasattr(cookie, "_rest")
+                        and "HttpOnly" in cookie._rest,
+                        "samesite": samesite,
+                    }
+
+                    # Add expires if present (may be None)
+                    if cookie.expires:
+                        cookie_data["expires"] = cookie.expires
+
+                    cookies.append(cookie_data)
                 metadata["cookies"] = cookies
 
         # Run each audit