Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-17 14:09:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add more security headers

Browse Source 
... and deprecate "X-Content-Security-Policy" and "X-WebKit-CSP"
This commit is contained in:
Dirk Wetter 2025-01-16 21:18:47 +01:00
parent 701c606eac
commit 8000885371
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
testssl.sh
View File

@ -3438,13 +3438,17 @@ run_security_headers() {
for header_and_svrty in "X-Frame-Options OK" \
"X-Content-Type-Options OK" \
"Content-Security-Policy OK" \
"X-Content-Security-Policy OK" \
"X-WebKit-CSP OK" \
"X-Content-Security-Policy INFO" \
"X-WebKit-CSP INFO" \
"Content-Security-Policy-Report-Only OK" \
"Expect-CT OK" \
"Permissions-Policy OK" \
"Cross-Origin-Opener-Policy INFO" \
"Cross-Origin-Resource-Policy INFO" \
"Cross-Origin-Embedder-Policy INFO" \
"X-XSS-Protection INFO" \
"Access-Control-Allow-Origin INFO" \
"Access-Control-Allow-Credentials INFO" \
"Upgrade INFO" \
"X-Served-By INFO" \
"Referrer-Policy INFO" \