From ad912ea332943630bc8912382cc8afbe44010918 Mon Sep 17 00:00:00 2001
From: Dirk <dirk@testssl.sh>
Date: Wed, 22 Jan 2025 20:05:19 +0100
Subject: [PATCH] Fix typo + tags

---
 testssl.sh | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 6474414..02a2ac8 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -3127,7 +3127,7 @@ emphasize_stuff_in_headers(){
           -e "s/X-Powered-By/${yellow}X-Powered-By${off}/g" \
           -e "s/X-UA-Compatible/${yellow}X-UA-Compatible${off}/g" \
           -e "s/Link/${yellow}Link${off}/g" \
-          -e "s/X-DNS-Prefetch-Control/${html_yellow}X-DNS-Prefetch-Control${html_off}/g" \
+          -e "s/X-DNS-Prefetch-Control/${yellow}X-DNS-Prefetch-Control${off}/g" \
           -e "s/X-Rack-Cache/${yellow}X-Rack-Cache${off}/g" \
           -e "s/X-Runtime/${yellow}X-Runtime${off}/g" \
           -e "s/X-Pingback/${yellow}X-Pingback${off}/g" \
@@ -3183,14 +3183,13 @@ emphasize_stuff_in_headers(){
                     -e "s/X-Pingback/${html_yellow}X-Pingback${html_off}/g" \
                     -e "s/X-Permitted-Cross-Domain-Policies/${html_yellow}X-Permitted-Cross-Domain-Policies${html_off}/g" \
                     -e "s/X-AspNet-Version/${html_yellow}X-AspNet-Version${html_off}/g" \
-                    -e "s/X-AspNetMvc-Version/${yellow}X-AspNetMvc-Version${off}/g" \
+                    -e "s/X-AspNetMvc-Version/${html_yellow}X-AspNetMvc-Version${html_off}/g" \
                     -e "s/x-note/${html_yellow}x-note${html_off}/g" \
                     -e "s/X-Global-Transaction-ID/${html_yellow}X-Global-Transaction-ID${html_off}/g" \
                     -e "s/x-global-transaction-id/${html_yellow}x-global-transaction-id${html_off}/g" \
                     -e "s/Alt-Svc/${html_yellow}Alt-Svc${html_off}/g" \
                     -e "s/system-wsgw-management-loopback/${html_yellow}system-wsgw-management-loopback${html_off}/g"
-#FIXME: this is double code. The pattern to emphasize would fit better into
-# one function.
+#FIXME: this is double code. The pattern to emphasize would fit better into one function.
 # Also we need another function like run_other_header as otherwise "Link" "Alt-Svc" will never be found.
 # And: I matches case sensitive only which might not detect all banners. (sed ignorecase is not possible w/ BSD sed)
           else
@@ -3439,7 +3438,7 @@ run_security_headers() {
 
      pr_bold " Security headers             "
      # X-XSS-Protection is useless and at worst harmful, see https://news.ycombinator.com/item?id=20472947
-     # Expect-CT is depecated, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
+     # Expect-CT is deprecated, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
      for header_and_svrty in "X-Frame-Options OK" \
                              "X-Content-Type-Options OK" \
                              "Content-Security-Policy OK" \