From 80008853714b7f3ce52e888f33e5dbcb2fb5d3b3 Mon Sep 17 00:00:00 2001
From: Dirk Wetter
Date: Thu, 16 Jan 2025 21:18:47 +0100
Subject: [PATCH] Add more security headers ... and deprecate "X-Content-Security-Policy" and "X-WebKit-CSP"
---
 testssl.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index 1dd94c6..188de3b 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -3438,13 +3438,17 @@ run_security_headers() {
 for header_and_svrty in "X-Frame-Options OK" \
 "X-Content-Type-Options OK" \
 "Content-Security-Policy OK" \
- "X-Content-Security-Policy OK" \
- "X-WebKit-CSP OK" \
+ "X-Content-Security-Policy INFO" \
+ "X-WebKit-CSP INFO" \
 "Content-Security-Policy-Report-Only OK" \
 "Expect-CT OK" \
 "Permissions-Policy OK" \
+ "Cross-Origin-Opener-Policy INFO" \
+ "Cross-Origin-Resource-Policy INFO" \
+ "Cross-Origin-Embedder-Policy INFO" \
 "X-XSS-Protection INFO" \
 "Access-Control-Allow-Origin INFO" \
+ "Access-Control-Allow-Credentials INFO" \
 "Upgrade INFO" \
 "X-Served-By INFO" \
 "Referrer-Policy INFO" \
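Review bot: `"Expect-CT OK"` keeps its OK rating in this list even though the commit downgrades the other obsolete headers (`X-Content-Security-Policy`, `X-WebKit-CSP`) to INFO. Expect-CT is deprecated as well and current browsers no longer act on it, so for consistency the entry should read `"Expect-CT INFO" \`. The new `Access-Control-Allow-Credentials` entry is only meaningful alongside the `Access-Control-Allow-Origin` value. If the loop body reports each header independently, a comment above the `for` statement such as `# ACAC is only relevant in combination with ACAO; review both values together` would help whoever maintains the list. run_security_headers() begins and ends outside the hunk, so how the severity word is consumed is inferred from the list alone.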