This repository was archived by the owner on Jan 9, 2019. It is now read-only.

[Hint] `Content-Security-Policy` HTTP header #24

Closed

1 of 2 tasks

molant opened this issue Sep 6, 2018 · 0 comments

Member

molant commented Sep 6, 2018

Originally reported by @alrra in webhintio/hint#25

Check if the header is sent for non-HTML resources (e.g.: on images, fonts, etc.) - done in webhintio/hint@c55bdfb.
Check for older deprecated version of the header are sent (i.e.:X-WebKit-CSP, X-Content-Security-Policy).

TODO: Look into what other checks we can add for that this (e.g.: validate the content of the header, upgrade-insecure-requests)

See also:

https://content-security-policy.com/

The text was updated successfully, but these errors were encountered:

molant mentioned this issue

Add rule(s) to check the usage of the Content-Security-Policy HTTP header webhintio/hint#25

Open

2 tasks

molant closed this as completed

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.