OWASP Annotated Application Security Verification Standard
latest

Browse by chapter:

  • 1 Architecture, Design and Threat Modeling
  • 2 Authentication
  • 3 Session Management
  • 4 Access Control
  • 5 Validation, Sanitization and Encoding
  • 6 Stored Cryptography
  • 7 Error Handling and Logging
  • 8 Data Protection
  • 9 Communications
  • 10 Malicious Code
  • 11 Business Logic
  • 12 Files and Resources
  • 13 API and Web Service
  • 14 Configuration
    • 14.1 Build
    • 14.2 Dependency
    • 14.3 Unintended Security Disclosure Requirements
    • 14.4 HTTP Security Headers Requirements
      • 14.4.1 Every HTTP response specifies a safe character set
      • 14.4.2 All API responses contain Content-Disposition: attachment; filename=”api.json”
      • 14.4.3 A content security policy is in place
      • 14.4.4 All responses contain X-Content-Type-Options: nosniff
      • 14.4.5 HTTP Strict Transport Security headers are included on all responses
      • 14.4.6 A suitable “Referrer-Policy” header is included
      • 14.4.7 A suitable X-Frame-Options or Content-Security-Policy header is in use
    • 14.5 Validate HTTP Request Header Requirements
OWASP Annotated Application Security Verification Standard
  • Docs »
  • 14 Configuration »
  • 14.4 HTTP Security Headers Requirements

14.4 HTTP Security Headers Requirements¶

Browse by item:

  • 14.4.1 Every HTTP response specifies a safe character set
  • 14.4.2 All API responses contain Content-Disposition: attachment; filename=”api.json”
  • 14.4.3 A content security policy is in place
  • 14.4.4 All responses contain X-Content-Type-Options: nosniff
  • 14.4.5 HTTP Strict Transport Security headers are included on all responses
  • 14.4.6 A suitable “Referrer-Policy” header is included
  • 14.4.7 A suitable X-Frame-Options or Content-Security-Policy header is in use
Next Previous

© Copyright 2019 Wessel van der Linden Revision 63d1bede.

Built with Sphinx using a theme provided by Read the Docs.