Insecure HTTP Header Setting
Insecure HTTP Header Setting
Description
Insecure Header Setting:
- Content Security Policy
- Cookie
- Cross-Origin Resource Sharing
- HTTP Public Key Pinning
- Redirection
- Referrer Policy
- Subresource Integrity
- X-Content-Type-Options
- X-Frame-Options
- X-XSS-Protection
Recommendation
- Content Security Policy
- Cookie
- Cross-Origin Resource Sharing
- HTTP Public Key Pinning
- Redirection
- Referrer Policy
- Subresource Integrity
- X-Content-Type-Options
- X-Frame-Options
- X-XSS-Protection
Links
Standards
- OWASP_ASVS_L1:
- V5_1_3
- V14_5_3
- OWASP_ASVS_L2:
- V5_1_3
- V14_5_3
- OWASP_ASVS_L3:
- V5_1_3
- V14_5_3