Report additional modern security headers as INFO

Adds X-Permitted-Cross-Domain-Policies (already highlighted in emphasize_stuff_in_headers() but never reported), Origin-Agent-Cluster, Document-Policy, Clear-Site-Data, Reporting-Endpoints, Report-To and NEL to run_security_headers(), all presence-only/INFO, matching how COOP/COEP/CORP were added in #2619.
potato-20
2026-06-06 16:27:55 +05:30
parent 7f63e73ec3
commit 0a7aff701e
+8 -1
@@ -3609,7 +3609,14 @@ run_security_headers() {
"Referrer-Policy INFO" \ "Referrer-Policy INFO" \
"X-UA-Compatible INFO" \ "X-UA-Compatible INFO" \
"Cache-Control INFO" \ "Cache-Control INFO" \
"Pragma INFO"; do "Pragma INFO" \
"X-Permitted-Cross-Domain-Policies INFO" \
"Origin-Agent-Cluster INFO" \
"Document-Policy INFO" \
"Clear-Site-Data INFO" \
"Reporting-Endpoints INFO" \
"Report-To INFO" \
"NEL INFO"; do
read header svrty <<< "${header_and_svrty}" read header svrty <<< "${header_and_svrty}"
[[ "$DEBUG" -ge 5 ]] && echo "testing \"$header\" (severity \"$svrty\")" [[ "$DEBUG" -ge 5 ]] && echo "testing \"$header\" (severity \"$svrty\")"
match_httpheader_key "$header" "$header" "$spaces" "$first" match_httpheader_key "$header" "$header" "$spaces" "$first"
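Review bot: The seven entries added to the list in run_security_headers() carry only a header name and a fixed `INFO` severity, so as far as this hunk shows the value is never graded: `X-Permitted-Cross-Domain-Policies: all` would be reported at the same severity as `none`, and a `Report-To` or `NEL` policy naming any collector is reported like any other. That matches the stated presence-only intent, but it should be documented so that a reader of the output does not take an INFO line as a sign that the header is configured safely. I would add a comment such as `# presence-only: values of the INFO headers below are not evaluated, e.g. X-Permitted-Cross-Domain-Policies "all" is not flagged` directly above the `for` line, since a comment cannot sit inside the backslash-continued word list. The `for` line and the rest of the loop body are outside the hunk, so how the value is printed could not be checked here.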