V14.4.4 "X-Content-Type-Options: nosniff" vs "X-Content-Type-Options: nosniff header" #793
Comments
I'd even say "nosniff *response* header"; it's redundant but makes it super clear.
- Jim
On 5/29/20 8:03 PM, Elar Lang wrote:
V14.4.4
<https://github.com/OWASP/ASVS/blob/master/4.0/en/0x22-V14-Config.md#v144-http-security-headers-requirements>
Current:
V14.4.4 Verify that all responses contain X-Content-Type-Options:
nosniff.
Subcategory title "V14.4 HTTP Security Headers Requirements" kind of says that it should be a header, but the requirement itself does not clearly require a header.
Proposal:
V14.4.4 Verify that all responses contain X-Content-Type-Options:
nosniff *header*.
--
Jim Manico
Manicode Security
https://www.manicode.com
Then it could be:
I think we don't need this extra "response" at the end.
tghosth added a commit that referenced this issue Jun 2, 2020
I think a single response is sufficient :) I made some other similar changes at the same time.
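Added example, not part of the issue thread or the ASVS text: a check for V14.4.4 that only accepts `X-Content-Type-Options: nosniff` when it is a response header, which is the distinction the wording change is about. The sample responses, paths and verdict names are constructed for illustration, and requiring every occurrence to be exactly `nosniff` is a strictness choice made in this example.

```python
import io
from http.client import parse_headers

HEADER = "X-Content-Type-Options"

def check_nosniff(raw: bytes) -> str:
    """Classify one raw HTTP response: ok, missing, body-only or bad-value."""
    fp = io.BytesIO(raw)
    fp.readline()                     # skip the status line
    headers = parse_headers(fp)       # reads header lines up to the blank line
    body = fp.read()
    values = headers.get_all(HEADER)  # lookup is case-insensitive on the name
    if not values:
        # The string appearing in the body (e.g. a <meta http-equiv> tag)
        # is not a response header and does not satisfy the requirement.
        return "body-only" if b"nosniff" in body.lower() else "missing"
    # Assumption of this example: every occurrence must be exactly "nosniff".
    if all(v.strip().lower() == "nosniff" for v in values):
        return "ok"
    return "bad-value"

def audit(responses: dict) -> dict:
    """Return {path: verdict} for failing responses; empty means all pass."""
    verdicts = {path: check_nosniff(raw) for path, raw in responses.items()}
    return {path: v for path, v in verdicts.items() if v != "ok"}

def _resp(header_lines, body=b""):
    """Build a constructed raw HTTP/1.1 response for the samples below."""
    head = b"".join(line + b"\r\n" for line in header_lines)
    return b"HTTP/1.1 200 OK\r\n" + head + b"\r\n" + body

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "/": _resp([b"Content-Type: text/html",
                b"X-Content-Type-Options: nosniff"], b"<h1>hi</h1>"),
    "/api/items": _resp([b"content-type: application/json",
                         b"x-content-type-options: NoSniff"], b"[]"),
    "/logo.png": _resp([b"Content-Type: image/png"], b"\x89PNG"),
    "/legacy.html": _resp(
        [b"Content-Type: text/html"],
        b'<meta http-equiv="X-Content-Type-Options" content="nosniff">'),
    "/report": _resp([b"Content-Type: text/plain",
                      b"X-Content-Type-Options: no-sniff"], b"ok"),
}

if __name__ == "__main__":
    for path, verdict in audit(SAMPLES).items():
        print(f"FAIL {path}: {verdict}")
```
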