v11 HTTP security configuration verification requirements
- 11.1 Only defined HTTP Request methods are accepted
- 11.2 Every HTTP Response contains a Content-Type header with a safe character set
- 11.3 Trusted HTTP headers are authenticated
- 11.4 X-Frame-Options is used correctly
- 11.5 X-Content-Type-Options is used correctly
- 11.6 HTTP headers in Requests and Responses contain only printable ASCII
- 11.7 Content-Security-Policy is used correctly
- 11.8 X-XSS-Protection is used correctly