Commit

Update document/4-Web_Application_Security_Testing/02-Configuration_a…
…nd_Deployment_Management_Testing/14-Test_Other_HTTP_Security_Header_Misconfigurations.md

Co-authored-by: Rick M <[email protected]>
websecnl and kingthorin authored Feb 5, 2025
1 parent 51e94a4 commit c009355
Showing 1 changed file with 3 additions and 3 deletions.
Expand Up @@ -67,9 +67,9 @@ Referrer-Policy: unsafe-url
And here is an example of its strict directive (secure) equivalents:

```http
Access-Control-Allow-Origin: {theallowedoriginurl}
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: no-referrer
Access-Control-Allow-Origin: {theallowedoriginurl}
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: no-referrer
```

To verify the directives make sure you search the header name on the [Mozilla Developer Network: Security Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers) website as this will give you a proper overview of secure and insecure directives for each header.
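Review bot: The `Access-Control-Allow-Origin: {theallowedoriginurl}` line in the secure example uses a brace placeholder that is not valid header syntax and is not explained anywhere in the visible text, so a reader could copy it literally or read it as permission to put any value there. Suggest either a concrete sample origin such as `https://example.org`, or one sentence stating that the braces stand for a single explicit, trusted origin. Separately, the three removed and three added lines read identically as displayed here, which suggests a whitespace-only change; the commit subject ("Update document/…") does not say what was altered, and a subject line naming the actual change would make the history easier to audit.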
