14.4 HTTP Security Headers Requirements¶
Browse by item:
- 14.4.1 Every HTTP response specifies a safe character set
- 14.4.2 All API responses contain Content-Disposition: attachment; filename=”api.json”
- 14.4.3 A content security policy is in place
- 14.4.4 All responses contain X-Content-Type-Options: nosniff
- 14.4.5 HTTP Strict Transport Security headers are included on all responses
- 14.4.6 A suitable “Referrer-Policy” header is included
- 14.4.7 A suitable X-Frame-Options or Content-Security-Policy header is in use