Update 14-Test_Other_HTTP_Security_Header_Misconfigurations.md

OWASP · Feb 24, 2025 · be7e4c3 · be7e4c3
1 parent c18a6bf
commit be7e4c3
Showing 1 changed file with 12 additions and 13 deletions.
diff --git a/...ment_Management_Testing/14-Test_Other_HTTP_Security_Header_Misconfigurations.md b/...ment_Management_Testing/14-Test_Other_HTTP_Security_Header_Misconfigurations.md
@@ -47,19 +47,18 @@ To inspect the security headers used by an application, employ the following met
 
 - **Identify Risky Headers:** Look for headers that could allow excessive access, such as:
 - **Evaluate Directives:** Verify whether strict directives are enforced. For example, an overpermissive setup might appear as:
-```http
-Access-Control-Allow-Origin: *
-Access-Control-Allow-Credentials: true
-X-Permitted-Cross-Domain-Policies: all
-Referrer-Policy: unsafe-url
-```
-
-A safe configuration would look like:
-```http
-Access-Control-Allow-Origin: {theallowedoriginurl}
-X-Permitted-Cross-Domain-Policies: none
-Referrer-Policy: no-referrer
-```
+    ```http
+    Access-Control-Allow-Origin: *
+    Access-Control-Allow-Credentials: true
+    X-Permitted-Cross-Domain-Policies: all
+    Referrer-Policy: unsafe-url
+    ```
+    A safe configuration would look like:
+    ```http
+    Access-Control-Allow-Origin: {theallowedoriginurl}
+    X-Permitted-Cross-Domain-Policies: none
+    Referrer-Policy: no-referrer
+    ```
 - **Cross-Reference Documentation:** Use resources such as the [Mozilla Developer Network: Security Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers) to review secure and insecure directives.
 
 ### Check for Duplicate, Deprecated / Obsolete Headers